A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet.

This command displays output only after the DHCPv6 process is running on the device.

Examples

# Display the DUID of the local device.

<Sysname> display ipv6 dhcp duid

The DUID of this device: 0003000100e0fc005552.

ipv6 dhcp advertise pd-route

Use ipv6 dhcp advertise pd-route to enable the DHCPv6 server or DHCPv6 relay agent to advertise IPv6 prefixes.

Use undo ipv6 dhcp advertise pd-route to disable the DHCPv6 server or DHCPv6 relay agent from advertising IPv6 prefixes.

Syntax

ipv6 dhcp advertise pd-route

undo ipv6 dhcp advertise pd-route

Default

The DHCPv6 server or DHCPv6 relay agent does not advertise IPv6 prefixes.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A DHCPv6 client can obtain an IPv6 prefix through DHCPv6 and use the IPv6 prefix for IPv6 address assignment in a downstream network. If the IPv6 prefix is in a different subnet than the IPv6 address of the DHCPv6 client's upstream interface, the downstream network cannot access the external network. You can use this command to configure the DHCPv6 server or DHCPv6 relay agent, whichever is on the same link as the DHCPv6 client, to advertise the IPv6 prefix.

To use this command on the DHCPv6 relay agent, you must enable the DHCPv6 relay agent to record DHCPv6 relay entries first.

Examples

# Enable the DHCPv6 server to advertise IPv6 prefixes.

<Sysname> system-view

[Sysname] ipv6 dhcp advertise pd-route

ipv6 dhcp dscp

Use ipv6 dhcp dscp to set the DSCP value for the DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.

Use undo ipv6 dhcp dscp to restore the default.

Syntax

ipv6 dhcp dscp dscp-value

undo ipv6 dhcp dscp

Default

The DSCP value is 56 in DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies the DSCP value for DHCPv6 packets, in the range of 0 to 63.

Usage guidelines

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.

<Sysname> system-view

[Sysname] ipv6 dhcp dscp 30

ipv6 dhcp flood-protection aging-time

Use ipv6 dhcp flood-protection aging-time to set the DHCPv6 flood attack entry aging time.

Use undo ipv6 dhcp flood-protection aging-time to restore the default.

Syntax

ipv6 dhcp flood-protection aging-time time

undo ipv6 dhcp flood-protection aging-time

Default

The DHCPv6 flood attack entry aging time is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time: Specifies the aging time in seconds. The value range is 30 to 600.

Usage guidelines

The device deletes a DHCPv6 flood attack entry for a MAC address when the entry's aging time is reached. If a DHCPv6 packet from that MAC address arrives later, the device will create a new flood attack entry and count the number of incoming DHCPv6 packets for that MAC address again.

This command takes effect only after you execute the ipv6 dhcp flood-protection enable command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the DHCPv6 flood attack entry aging time to 90 seconds.

<Sysname> system-view

[Sysname] ipv6 dhcp flood-protection aging-time 90

Related commands

ipv6 dhcp flood-protection enable

ipv6 dhcp flood-protection threshold

ipv6 dhcp flood-protection enable

Use ipv6 dhcp flood-protection enable to enable DHCPv6 flood attack protection.

Use undo ipv6 dhcp flood-protection enable to disable DHCPv6 flood attack protection.

Syntax

ipv6 dhcp flood-protection enable

undo ipv6 dhcp flood-protection enable

Default

DHCPv6 flood attack protection is disabled.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

When the DHCPv6 device receives a DHCPv6 packet from a client (MAC address), it creates a DHCPv6 flood attack entry in check state. If the number of DHCPv6 packets from the same MAC address exceeds the upper limit in the detection duration, the device determines that the client is launching a DHCPv6 flood attack. The DHCPv6 flood attack entry changes to the restrain state, and the device discards the DHCPv6 packets from that client.

Examples

# Enable DHCPv6 flood attack protection for VSI 1.

<Sysname> system-view

[Sysname] vsi 1

[Sysname-vsi-1] ipv6 dhcp flood-protection enable

Related commands

ipv6 dhcp flood-protection aging-time

ipv6 dhcp flood-protection threshold

Use ipv6 dhcp flood-protection threshold to set the DHCPv6 packet rate threshold for DHCPv6 flood attack detection.

Use undo ipv6 dhcp flood-protection threshold to restore the default.

Syntax

ipv6 dhcp flood-protection threshold packet-number milliseconds

undo ipv6 dhcp flood-protection threshold

Default

The device allows a maximum of 6 DHCPv6 packets per 5000 milliseconds from each DHCPv6 client.

Views

System view

Predefined user roles

network-admin

Parameters

packet-number: Specifies the maximum number of DHCPv6 packets in the range of 2 to 200.

milliseconds: Specifies the DHCPv6 flood attack detection duration in milliseconds. The value range is 1000 to 10000.

Usage guidelines

The DHCPv6 flood attack protection enables the DHCPv6 server or the DHCPv6 relay agent to detect DHCPv6 flood attacks according to the DHCPv6 packet rate threshold on a per-MAC basis. If the number of DHCPv6 packets from the same MAC address exceeds the upper limit in the detection duration, the client at that MAC address is launching a DHCPv6 flood attack.

This command takes effect only after you execute the ipv6 dhcp flood-protection enable command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the device to allow a maximum of 2 DHCPv6 packets per 9000 milliseconds from each DHCPv6 client.

<Sysname> system-view

[Sysname] ipv6 dhcp flood-protection threshold 2 9000

Related commands

ipv6 dhcp flood-protection aging-time

ipv6 dhcp flood-protection enable

ipv6 dhcp log enable

Use ipv6 dhcp log enable to enable DHCPv6 server logging.

Use undo ipv6 dhcp log enable to disable DHCPv6 server logging.

Syntax

ipv6 dhcp log enable

undo ipv6 dhcp log enable

Default

DHCPv6 server logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCPv6 server to generate DHCPv6 logs and send them to the information center. The log information helps administrators locate and solve problems. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

As a best practice, disable this feature if the log generation affects the device performance or reduces the address and prefix allocation efficiency. For example, this situation might occur when a large number of clients frequently come online or go offline.

Examples

# Enable DHCPv6 server logging.

<Sysname> system-view

[Sysname] ipv6 dhcp log enable

ipv6 dhcp select

Use ipv6 dhcp select to enable the DHCPv6 server or DHCPv6 relay agent on an interface.

Use undo ipv6 dhcp select to restore the default.

Syntax

ipv6 dhcp select { relay | server }

undo ipv6 dhcp select

Default

An interface does not work in the DHCPv6 server mode or in the DHCPv6 relay agent mode. It discards DHCPv6 packets from DHCPv6 clients.

Views

Interface view

Predefined user roles

network-admin

Parameters

relay: Enables the DHCPv6 relay agent on the interface.

server: Enables the DHCPv6 server on the interface.

Usage guidelines

Before changing the DHCPv6 server mode to the DHCPv6 relay agent mode on an interface, use the following commands to remove IPv6 address/prefix bindings:

· reset ipv6 dhcp server ip-in-use

· reset ipv6 dhcp server pd-in-use

Do not configure the DHCPv6 client on the interface that has been configured as the DHCPv6 relay agent or DHCPv6 server.

Examples

# Enable the DHCPv6 server on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp select server

# Enable the DHCPv6 relay agent on VLAN-interface 20.

<Sysname> system-view

[Sysname] interface vlan-interface 20

[Sysname-Vlan-interface20] ipv6 dhcp select relay

Related commands

display ipv6 dhcp relay server-address

display ipv6 dhcp server

DHCPv6 server commands

address range

Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation.

Use undo address range to restore the default.

Syntax

address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]

undo address range

Default

No non-temporary IPv6 address range exists.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

start-ipv6-address: Specifies the start IPv6 address.

end-ipv6-address: Specifies the end IPv6 address.

preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6 addresses. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).

valid-lifetime valid-lifetime: Specifies the valid lifetime for the non-temporary IPv6 addresses. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred lifetime.

Usage guidelines

If you do not specify a non-temporary IPv6 address range, all unicast addresses on the subnet specified by the network command in address pool view are assignable. If you specify a non-temporary IPv6 address range, only the IPv6 addresses in the specified IPv6 address range are assignable.

You can specify only one non-temporary IPv6 address range in an address pool. If you execute this command multiple times, the most recent configuration takes effect.

The non-temporary IPv6 address range specified by the address range command must be on the subnet specified by the network command.

Examples

# Configure a non-temporary IPv6 address range from 3ffe:501:ffff:100::10 through 3ffe:501:ffff:100::31 in address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64

[Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31

Related commands

display ipv6 dhcp pool

network

temporary address range

address-alloc-mode eui-64

Use address-alloc-mode eui-64 to enable the EUI-64 address allocation mode.

Use undo address-alloc-mode eui-64 to restore the default.

Syntax

address-alloc-mode eui-64

undo address-alloc-mode eui-64

Default

The EUI-64 address allocation mode is disabled. The DHCPv6 server does not allocates IPv6 addresses based on EUI-64.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Usage guidelines

The IPv6 leases that are allocated before the command execution are not affected.

This command takes effect when the prefix length of the IPv6 subnet does not exceed 64 in the DHCPv6 address pools.

This feature enables the DHCPv6 server to obtain the client MAC address from the link layer header of the DHCPv6 request and generates an EUI-64 IPv6 address for the client. If a DHCPv6 relay agent is between the clients and server, do not configure this feature because the server cannot obtain the MAC addresses from received DHCPv6 requests.

Examples

# Enable the EUI-64 address allocation mode in DHCPv6 address pool pool1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1] address-alloc-mode eui-64

class pool

Use class pool to specify a DHCPv6 address pool for a DHCPv6 user class.

Use undo class pool to restore the default.

Syntax

class class-name pool pool-name

undo class class-name pool

Default

No DHCPv6 address pool is specified for a DHCPv6 user class.

Views

DHCPv6 policy view

Predefined user roles

network-admin

Parameters

class-name: Specifies a DHCPv6 user class by its name, a case-insensitive string of 1 to 63 characters.

pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can specify only one DHCPv6 address pool for a DHCPv6 user class in a DHCPv6 policy. If you execute this command multiple times for a user class, the most recent configuration takes effect.

Examples

# Specify DHCPv6 address pool pool1 for DHCPv6 user class test in DHCPv6 policy 1.

<Sysname> system-view

[Sysname] ipv6 dhcp policy 1

[Sysname-dhcp6-policy-1] class test pool pool1

Related commands

default pool

ipv6 dhcp policy

ipv6 dhcp pool

default pool

Use default pool to specify the default DHCPv6 address pool.

Use undo default pool to restore the default.

Syntax

default pool pool-name

undo default pool

Default

No default DHCPv6 address pool is specified.

Views

DHCPv6 policy view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

In a DHCPv6 policy, the DHCPv6 server uses the default address pool to assign IPv6 address, IPv6 prefix, or other parameters to clients that do not match any user classes. If no default address pool is specified or the default address pool does not have assignable IPv6 addresses or prefixes, the assignment fails.

You can specify only one default address pool in a DHCPv6 policy. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the DHCPv6 address pool pool1 as the default DHCPv6 address pool in DHCPv6 policy 1.

<Sysname> system-view

[Sysname] ipv6 dhcp policy 1

[Sysname-dhcp6-policy-1] default pool pool1

Related commands

class pool

ipv6 dhcp policy

display ipv6 dhcp option-group

Use display ipv6 dhcp option-group to display information about a DHCPv6 option group.

Syntax

display ipv6 dhcp option-group [ option-group-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

option-group-number: Specifies a static or dynamic DHCPv6 option group by its ID. The value range for the option group ID is 1 to 100. If you do not specify an option group, this command displays information about all DHCPv6 option groups.

Usage guidelines

A static DHCPv6 option group is created by using the ipv6 dhcp option-group command.

A dynamic DHCPv6 option group is created automatically by a DHCPv6 client after it obtains the DHCPv6 configuration parameters. Dynamic option groups cannot be manually modified or deleted.

Examples

# Display information about all DHCPv6 option groups.

<Sysname> display ipv6 dhcp option-group

DHCPv6 option group: 1

DNS server addresses:

Type: Static

Interface: N/A

1::1

DNS server addresses:

Type: Dynamic (DHCPv6 address allocation)

Interface: Vlan-interface10

1::1

Domain name:

Type: Static

Interface: N/A

example.com

Domain name:

Type: Dynamic (DHCPv6 address allocation)

Interface: Vlan-interface10

example.com

Options:

Code: 23

Type: Dynamic (DHCPv6 prefix allocation)

Interface: Vlan-interface10

Length: 2 bytes

Hex: ABCD

DHCPv6 option group: 20

DNS server addresses:

Type: Static

Interface: N/A

1::1

DNS server addresses:

Type: Dynamic (DHCPv6 address allocation)

Interface: Vlan-interface10

1::1

Domain name:

Type: Static

Interface: N/A

example.com

Domain name:

Type: Dynamic (DHCPv6 address allocation)

Interface: Vlan-interface10

example.com

Options:

Code: 23

Type: Dynamic (DHCPv6 prefix allocation)

Interface: Vlan-interface10

Length: 2 bytes

Hex: ABCD

Table 1 Command output

Field	Description
DHCPv6 option group	ID of the DHCPv6 option group.
Type	Types of the DHCPv6 option: · Static—Parameter in a static DHCPv6 option group. · Dynamic (DHCPv6 address allocation)—Parameter in a dynamic DHCPv6 option group created during IPv6 address acquisition. · Dynamic (DHCPv6 prefix allocation)—Parameters in a dynamic DHCPv6 option group created during IPv6 prefix acquisition. · Dynamic (DHCPv6 address and prefix allocation)—Parameters in a dynamic DHCPv6 option group created during IPv6 address and prefix acquisition.
Interface	Interface name.
DNS server addresses	IPv6 address of the DNS server.
Domain name	Domain name suffix.
SIP server addresses	IPv6 address of the SIP server.
SIP server domain names	Domain name of the SIP server.
Options	Self-defined options.
Code	Code of the self-defined option.
Length	Self-defined option length in bytes.
Hex	Self-defined option content represented by a hexadecimal number.

Related commands

ipv6 dhcp option-group

display ipv6 dhcp pool

Use display ipv6 dhcp pool to display information about a DHCPv6 address pool.

Syntax

display ipv6 dhcp pool [ pool-name | vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool-name: Displays information about the specified DHCPv6 address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays information about all DHCPv6 address pools.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about DHCPv6 address pools for the public network.

Examples

# Display information about DHCPv6 address pool 1.

<Sysname> display ipv6 dhcp pool 1

DHCPv6 pool: 1

Network: 3FFE:501:FFFF:100::/64

Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

Prefix pool: 1

Preferred lifetime 24000 seconds, valid lifetime 36000 seconds

Addresses:

Range: from 3FFE:501:FFFF:100::1

to 3FFE:501:FFFF:100::99

Preferred lifetime 70480 seconds, valid lifetime 200000 seconds

Total address number: 153

Available: 153

In-use: 0

Temporary addresses:

Range: from 3FFE:501:FFFF:100::200

to 3FFE:501:FFFF:100::210

Preferred lifetime 60480 seconds, valid lifetime 259200 seconds

Total address number: 17

Available: 17

In-use: 0

Static bindings:

DUID: 0003000100e0fc000001

IAID: 0000003f

Prefix: 3FFE:501:FFFF:200::/64

Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

DUID: 0003000100e0fc00cff1

IAID: 00000001

Address: 3FFE:501:FFFF:2001::1/64

Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

DNS server addresses:

2::2

Domain name:

aaa.example.com

SIP server addresses:

5::1

SIP server domain names:

bbb.example.com

option 22 hex 123121

undo exhaustion log enable

IP-in-use threshold: 100

PD-in-use threshold: 100

Vendor-specific:

Vendor-ID: 25506

suboption 1 address 1::1 2::2

suboption 2 hex 11112222112211

exhaustion trap enable

# Display information about DHCPv6 address pool 1.

<Sysname> display ipv6 dhcp pool 1

DHCPv6 pool: 1

Network: Not-available

Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

undo exhaustion log enable

IP-in-use threshold: 100

PD-in-use threshold: 100

exhaustion trap enable

# Display information about DHCPv6 address pool 1.

<Sysname> display ipv6 dhcp pool 1

DHCPv6 pool: 1

Network: 1::/64(Zombie)

Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

undo exhaustion log enable

IP-in-use threshold: 100

PD-in-use threshold: 100

exhaustion trap enable

Table 2 Command output

Field	Description
DHCPv6 pool	Name of the DHCPv6 address pool.
Network	IPv6 subnet for dynamic IPv6 address allocation. If the subnet prefix is ineffective, this field displays Not-available. If the subnet prefix becomes ineffective after a configuration recovery (for example, a switchover from the backup to the master), the prefix is marked (Zombie).
Prefix pool	Prefix pool referenced by the address pool.
Preferred lifetime	Preferred lifetime in seconds.
valid lifetime	Valid lifetime in seconds.
Addresses	Non-temporary IPv6 address range.
Range	IPv6 address range for dynamic allocation.
Total address number	Total number of IPv6 addresses.
Available	Total number of available IPv6 addresses.
In-use	Total number of assigned IPv6 addresses.
Temporary addresses	Temporary IPv6 address range for dynamic allocation.
Static bindings	Static bindings configured in the address pool.
DUID	Client DUID.
IAID	Client IAID. If no IAID is configured, this field displays Not configured.
Prefix	IPv6 address prefix.
Address	Static IPv6 address.
DNS server addresses	DNS server address.
Domain name	Domain name.
SIP server addresses	SIP server address.
SIP server domain names	Domain name of the SIP server.
option	Custom DHCP option.
undo exhaustion log enable	IPv6 resource exhaustion logging is disabled for the IPv6 address pool. If this feature is enabled, this field displays exhaustion log enable.
IP-in-use threshold	IPv6 address usage threshold for the IPv6 address pool, in percentage.
PD-in-use threshold	IPv6 prefix usage threshold for the IPv6 address pool, in percentage.
Vendor-specific	DHCPv6 vendor-specific option information.
vendor-ID	Vendor ID.
suboption	Vendor-specific suboption code.
address	Suboption content in IPv6 address format.
hex	Suboption content in hexadecimal format.
ascii	Suboption content in ASCII format.
exhaustion trap enable	IPv6 resource exhaustion alarming is enabled. If this feature is disabled, this field displays undo exhaustion trap enable.

display ipv6 dhcp prefix-pool

Use display ipv6 dhcp prefix-pool to display information about a prefix pool.

Syntax

display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about all prefix pools.

Examples

# Display brief information about all prefix pools.

<Sysname> display ipv6 dhcp prefix-pool

Prefix-pool Prefix Available In-use Static

1 5::/64 64 0 0

# Display brief information about all prefix pools.

<Sysname> display ipv6 dhcp prefix-pool

Prefix-pool Prefix Available In-use Static

2 Not-available 0 0 0

# Display brief information about all prefix pools.

<Sysname> display ipv6 dhcp prefix-pool

Prefix-pool Prefix Available In-use Static

11 21::/112(Zombie) 0 64 0

# Display detailed information about prefix pool 1.

<Sysname> display ipv6 dhcp prefix-pool 1

Prefix: 5::/64

Assigned length: 70

Total prefix number: 64

Available: 64

In-use: 0

Static: 0

# Display detailed information about prefix pool 1.

<Sysname> display ipv6 dhcp prefix-pool 1

Prefix: Not-available

Assigned length: 70

Total prefix number: 0

Available: 0

In-use: 0

Static: 0

# Display detailed information about prefix pool 1.

<Sysname> display ipv6 dhcp prefix-pool 1

Prefix: 5::/64(Zombie)

Assigned length: 70

Total prefix number: 10

Available: 0

In-use: 10

Static: 0

Table 3 Command output

Field	Description
Prefix-pool	Prefix pool number.
Prefix	Prefix specified in the prefix pool. If the prefix is ineffective, this field displays Not-available. If the prefix becomes ineffective after a configuration recovery (for example, a switchover from the backup to the master), the prefix is marked (Zombie).
Available	Number of available prefixes.
In-use	Number of assigned prefixes.
Static	Number of statically bound prefixes.
Assigned length	Length of assigned prefixes.
Total prefix number	Number of prefixes.

display ipv6 dhcp server

Use display ipv6 dhcp server to display DHCPv6 server configuration information.

Syntax

display ipv6 dhcp server [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays DHCPv6 server configuration information for the specified interface. If you do not specify an interface, this command displays DHCPv6 server configuration information for all interfaces.

Examples

# Display DHCPv6 server configuration information for all interfaces.

<Sysname> display ipv6 dhcp server

Interface Pool

Vlan-interface2 1

Vlan-interface3 global

# Display DHCPv6 server configuration information for the interface VLAN-interface 2.

<Sysname> display ipv6 dhcp server interface vlan-interface 2

Using pool: 1

Preference value: 0

Allow-hint: Enabled

Rapid-commit: Disabled

Table 4 Command output

Field	Description
Interface	Interface enabled with DHCPv6 server.
Pool	Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.
Using pool	Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.
Preference value	Server preference in the DHCPv6 Advertise message. The value range is 0 to 255. The bigger the value is, the higher preference the server has.
Allow-hint	Indicates whether desired address/prefix assignment is enabled.
Rapid-commit	Indicates whether rapid address/prefix assignment is enabled.

display ipv6 dhcp server conflict

Use display ipv6 dhcp server conflict to display information about IPv6 address conflicts.

Syntax

display ipv6 dhcp server conflict [ address ipv6-address ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

address ipv6-address: Displays conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays information about all IPv6 address conflicts.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IPv6 address conflict information for the public network.

Usage guidelines

The DHCPv6 server creates IP address conflict information in the following conditions:

· The DHCPv6 client sends a DECLINE packet to the DHCPv6 server to inform the server of an IPv6 address conflict.

· The DHCPv6 server discovers that the only assignable address in the address pool is its own IPv6 address.

Examples

# Display information about all address conflicts.

<Sysname> display ipv6 dhcp server conflict

IPv6 address Detect time

2001::1 Apr 25 16:57:20 2019

1::1:2 Apr 25 17:00:10 2019

Table 5 Command output

Field	Description
IPv6 address	Conflicted IPv6 address.
Detect time	Time when the conflict was discovered.

Related commands

reset ipv6 dhcp server conflict

display ipv6 dhcp server database

Use display ipv6 dhcp server database to display information about DHCPv6 binding auto backup.

Syntax

display ipv6 dhcp server database

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about DHCPv6 binding auto backup.

<Sysname> display ipv6 dhcp server database

File name : database.dhcp

Username :

Password :

Update interval : 600 seconds

Latest write time : Feb 8 16:02:23 2014

Status : Last write succeeded.

Table 6 Command output

Field	Description
File name	Name of the DHCPv6 binding backup file.
Username	Username for accessing the URL of the remote backup file.
Password	Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured.
Update interval	Waiting time in seconds after a DHCPv6 binding change for the DHCPv6 server to update the backup file.
Latest write time	Time of the latest update.
Status	Status of the update: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated.

display ipv6 dhcp server expired

Use display ipv6 dhcp server expired to display lease expiration information.

Syntax

display ipv6 dhcp server expired [ [ address ipv6-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

address ipv6-address: Displays lease expiration information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays lease expiration information for all IPv6 addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays lease expiration information about IPv6 addresses for the public network.

pool pool-name: Displays lease expiration information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays lease expiration information for all DHCPv6 address pools.

Usage guidelines

DHCPv6 assigns the expired IPv6 addresses to DHCPv6 clients when all available addresses have been assigned.

Examples

# Display all lease expiration information.

<Sysname> display ipv6 dhcp server expired

IPv6 address DUID Lease expiration

2001:3eff:fe80:4caa: 3030-3066-2e65-3230-302e- Apr 25 17:10:47 2019

37ee:7::1 3130-3234-2d45-7468-6572-

6e65-7430-2f31

Table 7 Command output

Field	Description
IPv6 address	Expired IPv6 address.
DUID	Client DUID bound to the expired IPv6 address.
Lease expiration	Time when the lease expired.

Related commands

reset ipv6 dhcp server expired

display ipv6 dhcp server ip-in-use

Use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6 addresses.

Syntax

display ipv6 dhcp server ip-in-use [ [ address ipv6-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

address ipv6-address: Displays binding information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays binding information for all IPv6 addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about IPv6 addresses for the public network.

pool pool-name: Displays IPv6 address binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays IPv6 address binding information for all DHCPv6 address pools.

Examples

# Display binding information for all assigned IPv6 address.

<Sysname> display ipv6 dhcp server ip-in-use

Pool: 1

IPv6 address Type Lease expiration

2:1::1 Auto(O) Jul 10 19:45:01 2019

Pool: 2

IPv6 address Type Lease expiration

1:1::2 Static(F) Not available

Pool: 3

IPv6 address Type Lease expiration

1:2::1F1 Static(O) Oct 9 09:23:31 2019

Pool: 4

IPv6 address Type Lease expiration

1:2::2 Auto(Z) Oct 11 09:23:31 2019

# Display binding information for all assigned IPv6 addresses for the specified DHCPv6 address pool.

<Sysname> display ipv6 dhcp server ip-in-use pool 1

Pool: 1

IPv6 address Type Lease expiration

2:1::1 Auto(O) Jul 10 22:22:22 2019

3:1::2 Static(C) Jan 1 11:11:11 2019

# Display binding information for the specified IPv6 address.

<Sysname> display ipv6 dhcp server ip-in-use address 2:1::3

Pool: 1

Client: FE80::C800:CFF0:FE18:0

Type: Auto(O)

DUID: 00030001CA000C180000

IAID: 0x00030001

IPv6 address: 2:1::3

Preferred lifetime 400, valid lifetime 500

Expires at Jul 10 09:45:01 2019 (288 seconds left)

Table 8 Command output

Field	Description
Pool	DHCPv6 address pool.
IPv6 address	IPv6 address assigned.
Type	IPv6 address binding types: · Static(F)—Free static binding whose IPv6 address has not been assigned. · Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. · Static(C)—Committed static binding whose IPv6 address has been assigned to the client. · Auto(O)—Offered dynamic binding whose IPv6 address has been dynamically selected by the DHCPv6 server and sent in a DHCPv6-OFFER packet to the DHCPv6 client. · Auto(C)—Committed dynamic binding whose IPv6 address has been dynamically assigned to the DHCPv6 client. · Auto(Z)—Zombie dynamic binding whose IPv6 address has been dynamically assigned to the DHCPv6 client. The binding becomes zombie because the subnet prefix goes invalid for address allocation after a configuration recovery, for example, after a switchover from the backup to the master.
Lease-expiration	Time when the lease of the IPv6 address will expire. If the lease expires after the year 2100, this field displays Expires after 2100. For an unassigned static binding, this field displays Not available.
Client	IPv6 address of the DHCPv6 client. For an unassigned static binding, this field is blank.
DUID	Client DUID.
IAID	Client IAID. For an unassigned static binding without IAID specified, this field displays N/A.
Preferred lifetime	Preferred lifetime in seconds of the IPv6 address.
valid lifetime	Valid lifetime in seconds of the IPv6 address.
Expires at	Time when the lease of an IPv6 address will expire. If the lease expires after the year 2100, this field displays Expires after 2100.

Related commands

reset ipv6 dhcp server ip-in-use

display ipv6 dhcp server pd-in-use

Use display ipv6 dhcp server pd-in-use to display binding information for the assigned IPv6 prefixes.

Syntax

display ipv6 dhcp server pd-in-use [ pool pool-name | [ prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays IPv6 prefix binding information for all DHCPv6 address pools.

prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. If you do not specify an IPv6 prefix, this command displays binding information for all IPv6 prefixes.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about IPv6 prefixes for the public network.

Examples

# Display all IPv6 prefix binding information.

<Sysname> display ipv6 dhcp server pd-in-use

Pool: 1

IPv6 prefix Type Lease expiration

2:1::/24 Auto(O) Jul 10 19:45:01 2019

Pool: 2

IPv6 prefix Type Lease expiration

1:1::/64 Static(F) Not available

Pool: 3

IPv6 prefix Type Lease expiration

1:2::/64 Static(O) Oct 9 09:23:31 2019

Pool: 4

IPv6 prefix Type Lease expiration

12::/80 Auto(Z) Oct 17 09:34:59 2019

# Display IPv6 prefix binding information for DHCPv6 address pool 1.

<Sysname> display ipv6 dhcp server pd-in-use pool 1

Pool: 1

IPv6 prefix Type Lease expiration

2:1::/24 Auto(O) Jul 10 22:22:22 2019

3:1::/64 Static(C) Jan 1 11:11:11 2019

# Display binding information for the IPv6 prefix 2:1::3/24.

<Sysname> display ipv6 dhcp server pd-in-use prefix 2:1::3/24

Pool: 1

Client: FE80::C800:CFF:FE18:0

Type: Auto(O)

DUID: 00030001CA000C180000

IAID: 0x00030001

IPv6 prefix: 2:1::/24

Preferred lifetime 400, valid lifetime 500

Expires at Jul 10 09:45:01 2019 (288 seconds left)

Table 9 Command output

Field	Description
IPv6 prefix	IPv6 prefix assigned.
Type	Prefix binding types: · Static(F)—Free static binding whose IPv6 prefix has not been assigned. · Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. · Static(C)—Committed static binding whose IPv6 prefix has been assigned to the client. · Auto(O)—Offered dynamic binding whose IPv6 prefix has been dynamically selected by the DHCPv6 server and sent in a DHCPv6-OFFER packet to the DHCPv6 client. · Auto(C)—Committed dynamic binding whose IPv6 prefix has been dynamically assigned to the DHCPv6 client. · Auto(Z)—Zombie dynamic binding whose IPv6 prefix has been dynamically assigned to the DHCPv6 client. The binding becomes zombie because the prefix in the prefix pool goes invalid after a configuration recovery, for example, after a switchover from the backup to the master.
Pool	Address pool.
Lease-expiration	Time when the lease of the IPv6 prefix will expire. If the lease will expire after the year 2100, this field displays Expires after 2100. For an unassigned static binding, this field displays Not available.
Client	IPv6 address of the DHCPv6 client. For an unassigned static binding, this field is blank.
DUID	Client DUID.
IAID	Client IAID. For an unassigned static binding without IAID, this field displays N/A.
Preferred lifetime	Preferred lifetime in seconds of the IPv6 prefix.
valid lifetime	Valid lifetime in seconds of the IPv6 prefix.
Expires at	Time when the lease of the prefix will expire. If the lease expires after the year 2100, this field displays Expires after 2100.

Related commands

reset ipv6 dhcp server pd-in-use

display ipv6 dhcp server statistics

Use display ipv6 dhcp server statistics to display DHCPv6 packet statistics on the DHCPv6 server.

Syntax

display ipv6 dhcp server statistics [ pool pool-name | vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays DHCPv6 packet statistics for all address pools.

Examples

# Display all DHCPv6 packet statistics on the DHCPv6 server.

<Sysname> display ipv6 dhcp server statistics

Bindings:

Ip-in-use : 1

Pd-in-use : 0

Expired : 0

Conflict : 0

Packets received : 1

Solicit : 1

Request : 0

Confirm : 0

Renew : 0

Rebind : 0

Release : 0

Decline : 0

Information-request : 0

Relay-forward : 0

Packets dropped : 0

Packets sent : 0

Advertise : 0

Reconfigure : 0

Reply : 0

Relay-reply : 0

Table 10 Command output

Field	Description
Bindings	Number of bindings: · Ip-in-use—Total number of address bindings. · Pd-in-use—Total number of prefix bindings. · Expired—Total number of expired address bindings.
Conflict	Total number of conflicted addresses. If statistics about an address pool are displayed, this field is not displayed.
Packets received	Number of messages received by the DHCPv6 server. The message types include: · Solicit. · Request. · Confirm. · Renew. · Rebind. · Release. · Decline. · Information-request. · Relay-forward. If statistics about an address pool are displayed, this field is not displayed.
Packets dropped	Number of packets discarded. If statistics about an address pool are displayed, this field is not displayed.
Packets sent	Number of messages sent by the DHCPv6 server. The message types include: · Advertise. · Reconfigure. · Reply. · Relay-reply. If statistics about an address pool are displayed, this field is not displayed.

Related commands

reset ipv6 dhcp server statistics

dns-server

Use dns-server to specify a DNS server in a DHCPv6 address pool.

Use undo dns-server to remove the specified DNS server from a DHCPv6 address pool.

Syntax

dns-server ipv6-address

undo dns-server ipv6-address

Default

No DNS server address is specified.

Views

DHCPv6 address pool view

DHCPv6 option group view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of a DNS server.

Usage guidelines

You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference.

Examples

# Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] dns-server 2:2::3

Related commands

display ipv6 dhcp pool

domain-name

Use domain-name to specify a domain name in a DHCPv6 address pool.

Use undo domain-name to restore the default.

Syntax

domain-name domain-name

undo domain-name

Default

No domain name is specified.

Views

DHCPv6 address pool view

DHCPv6 option group view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name, a case-sensitive string of 1 to 50 characters.

Usage guidelines

You can configure only one domain name in an address pool. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the domain name example.com in DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] domain-name example.com

Related commands

display ipv6 dhcp pool

exhaustion log enable

Use exhaustion log enable to enable IPv6 resource exhaustion logging.

Use undo exhaustion log enable to restore the default.

Syntax

exhaustion log enable

undo exhaustion log enable

Default

IPv6 resource exhaustion logging is disabled.

Views

IPv6 address pool view

Predefined user roles

network-admin

Usage guidelines

This feature is supported for ODAPv6 client IPv6 address pools and common IPv6 address pools. It enables t he DHCPv6 module to send IPv6 resource exhaustion log messages to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the information center configuration, see Network Management and Monitoring Configuration Guide.

IPv6 resource exhaustion events include IPv6 resource exhaustion alarms and recoveries from IPv6 resource exhaustion alarm conditions.

The DHCPv6 module generates an IPv6 resource exhaustion log message when the IPv6 address pool encounters one of the following events:

NOTE:

If the IPv6 address usage or prefix usage of the pool is 100%, the DHCPv6 module generates an alarm message instead of a log message for one of the following events.

To set the IPv6 address usage threshold for an IPv6 address pool, use the ip-in-use threshold command. To set the IPv6 prefix usage threshold for an IPv6 address pool, use the pd-in-use threshold command.

‌

· The pool does not have assignable address resources or prefix resources.

· The IPv6 address usage or prefix usage of the pool drops to or below 90% after exhaustion.

You can use the following formulas to calculate the IPv6 resource usage of an IPv6 address pool:

· IPv6 address usage = (total number of IPv6 addresses – number of assignable IPv6 addresses )/total number of IPv6 addresses

· IPv6 prefix usage = (total number of IPv6 prefixes – number of assignable IPv6 prefixes)/total number of IPv6 prefixes

Examples

# Enable IPv6 resource exhaustion logging for IPv6 address pool pool1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1] exhaustion log enable

Related commands

display ipv6 dhcp pool

exhaustion trap enable

Use exhaustion trap enable to e n able IPv6 resource exhaustion alarming for an IPv6 address pool.

Use undo exhaustion trap enable to disable IPv6 resource exhaustion alarming for an IPv6 address.

Syntax

exhaustion trap enable

undo exhaustion trap enable

Default

IPv6 resource exhaustion alarming is enabled.

Views

IPv6 address pool view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to generate an alarm notification when the IPv6 resource usage of an IPv6 pool reaches 100%. To calculate the IPv6 resource usage of an IPv6 address pool, use the following formulas:

· IPv6 address usage = (total number of IPv6 addresses – number of assignable IPv6 addresses )/total number of IPv6 addresses

· IPv6 prefix usage = (total number of IPv6 prefixes – number of assignable IPv6 prefixes)/total number of IPv6 prefixes

For this feature to take effect, enable SNMP notifications for the DHCPv6 server by executing the snmp-agent trap enable ipv6 dhcp server address-exhaust pd-exhaust command first.

The DHCPv6 server might generate too many IPv6 resource exhaustion notifications for IPv6 address pools. To reduce the number of alarm notifications, disable IPv6 resource exhaustion alarming for an IPv6 address pool by using the undo exhaustion trap enable command.

Examples

# Disable IPv6 resource exhaustion alarming for IPv6 pool pool1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1] undo exhaustion trap enable

Related commands

display ipv6 dhcp pool

snmp-agent trap enable ipv6 dhcp server

if-match

Use if-match to configure a match rule for a DHCPv6 user class.

Use undo if-match to delete a match rule for a DHCPv6 user class.

Syntax

if-match rule rule-number { option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-ipv6-address }

undo if-match rule rule-number

Default

No match rules are configured for the DHCPv6 user class.

Views

DHCPv6 user class view

Predefined user roles

network-admin

Parameters

rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority.

option option-code: Specifies a DHCPv6 option by its number in the range of 1 to 65535.

ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.

offset offset: Specifies the offset in bytes after which the match operation starts. The value range is 0 to 65534. If you specify an ASCII string, a packet matches the rule if the option content after the offset is the same as the ASCII string. If you specify a hexadecimal number, a packet matches the rule if the option content of the specified length after the offset is the same as the hexadecimal number.

partial: Enables partial match. A packet matches the rule if the specified option in the packet contains the ASCII string or hexadecimal number specified in the rule. For example, if you specify abc in the rule, option content xabc, xyzabca, xabcyz, and abcxyz all match the rule.

hex hex-string: Specifies a hexadecimal number. The length of the hexadecimal number must be an even number in the range of 2 to 256.

mask mask: Specifies the mask for the match operation. The mask is a hexadecimal number whose length is an even number in the range of 2 to 256 and must be the same as the hex-string length. The DHCPv6 server selects option content of the mask length from the start and ANDs the selected option content and the specified hexadecimal number with the mask. The packet matches the rule if the two AND operation results are the same.

length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length.

relay-agent gateway-ipv6-address: Specifies a link-address field value. The value is an IPv6 address. A packet matches the rule if its link-address field value is the same as that in the rule.

Usage guidelines

If a DHCPv6 request sent by a DHCPv6 client matches a rule in a DHCPv6 user class, the DHCPv6 client matches the user class.

You can configure multiple match rules for a DHCPv6 user class. Each match rule is uniquely identified by a rule ID within its type (option or relay agent address).

· If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule.

· If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule. As a best practice, do not assign the same ID to rules of different types.

· Rules of different IDs cannot have the same rule content.

When you configure an if-match option rule, follow these guidelines:

· To match packets that contain an option, specify only the option-code argument.

· To match a hexadecimal number by AND operations, specify the option option-code hex hex-string mask mask options.

· To match a hexadecimal number directly, specify the option option-code hex hex-string [ offset offset length length | partial ] options. If you do not specify the offset, length, or partial parameter, a packet matches a rule if the option content starts with the hexadecimal number.

· To match an ASCII string, specify the option option-code ascii ascii-string [ offset offset | partial ] options. If you do not specify the offset or partial parameter, a packet matches a rule if the option content starts with the ASCII string.

Examples

# Configure match rule 1 for the DHCPv6 user class exam to match DHCPv6 requests that contain Option 16.

<Sysname> system-view

[Sysname] ipv6 dhcp class exam

[Sysname-dhcp6-class-exam] if-match rule 1 option 16

# Configure match rule 2 for the DHCPv6 user class exam. The rule matches DHCPv6 requests in which the highest bit of the fourth byte in Option 16 is the hexadecimal number 1.

<Sysname> system-view

[Sysname] ipv6 dhcp class exam

[Sysname-dhcp6-class-exam] if-match rule 2 option 16 hex 00000080 mask 00000080

# Configure match rule 3 for the DHCPv6 user class exam. The rule matches DHCPv6 requests in which the first three bytes of Option 16 are the hexadecimal number 13ae92.

<Sysname> system-view

[Sysname] ipv6 dhcp class exam

[Sysname-dhcp6-class-exam] if-match rule 3 option 16 hex 13ae92 offset 0 length 3

# Configure match rule 4 for the DHCPv6 user class exam. The rule matches DHCPv6 requests in which the Option 16 contains the hexadecimal number 13ae.

<Sysname> system-view

[Sysname] ipv6 dhcp class exam

[Sysname-dhcp6-class-exam] if-match rule 5 option 16 hex 13ae partial

# Configure match rule 5 for the DHCPv6 user class exam to match DHCPv6 requests in which the link-address field is 2001::1.

<Sysname> system-view

[Sysname] ipv6 dhcp class exam

[Sysname-dhcp6-class-exam] if-match rule 5 relay-agent 2001::1

Related commands

ipv6 dhcp class

ip-in-use threshold

Use ip-in-use threshold to set the IPv6 address usage threshold for an IPv6 address pool.

Use undo ip-in-use threshold to restore the default.

Syntax

ip-in-use threshold threshold-value

undo ip-in-use threshold

Default

The IPv6 address usage threshold for an IPv6 address pool is 100%.

Views

IPv6 pool view

BAS IPv6 pool view

Predefined user roles

network-admin

Parameters

threshold-value: Specifies an IPv6 address usage threshold, in percentage. The value range for this argument is 0 to 100.

Usage guidelines

The DHCPv6 module sends an SNMP notification to the SNMP module and a log message to the information center when one of the following events occurs:

· The IPv6 address usage of an IPv6 address pool reaches or exceeds the threshold.

· The IPv6 address usage of an IPv6 address pool drops below 90% of the threshold after a threshold violation.

To send SNMP notifications about these events, use the snmp-agent trap enable ipv6 dhcp server command to configure the DHCPv6 module. For DHCP notifications to be sent correctly, you must configure the SNMP module on the device. For more information about configuring the SNMP module, see Network Management and Monitoring Configuration Guide.

With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.

You can review and analyze these notifications and log messages to determine the actions to take. For example, you can expand the address pool to accommodate all users.

If you execute this command multiple times in the same IPv6 pool view, the most recent configuration takes effect.

Examples

# Set the IPv6 address usage threshold for IPv6 address pool pool1 to 75%.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1] ip-in-use threshold 75

Related commands

snmp-agent trap enable ipv6 dhcp server

ipv6 dhcp apply-policy

Use ipv6 dhcp apply-policy to apply a DHCPv6 policy to an interface.

Use undo ipv6 dhcp apply-policy to restore the default.

Syntax

ipv6 dhcp apply-policy policy-name

undo ipv6 dhcp apply-policy

Default

No DHCPv6 policy is applied to an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a DHCPv6 policy by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can apply only one DHCPv6 policy to an interface. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Apply the DHCPv6 policy test to VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp apply-policy test

Related commands

ipv6 dhcp class

Use ipv6 dhcp class to create a DHCPv6 user class and enter its view, or enter the view of an existing DHCPv6 user class.

Use undo ipv6 dhcp class to delete the specified DHCPv6 user class.

Syntax

ipv6 dhcp class class-name

undo ipv6 dhcp class class-name

Default

No DHCPv6 user classes exist.

Views

System view

Predefined user roles

network-admin

Parameters

class-name: Specifies a name for the DHCPv6 user class, a case-insensitive string of 1 to 63 characters.

Usage guidelines

In the DHCPv6 user class view, you can use the if-match command to configure match rules for user classification.

Examples

# Create a DHCPv6 user class test and enter DHCPv6 user class view.

<Sysname> system-view

[Sysname] ipv6 dhcp class test

[Sysname-dhcp6-class-test]

Related commands

class pool

ipv6 dhcp policy

if-match

ipv6 dhcp option-group

Use ipv6 dhcp option-group to create a static DHCPv6 option group and enter its view.

Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group.

Syntax

ipv6 dhcp option-group option-group-number

undo ipv6 dhcp option-group option-group-number

Default

No static DHCPv6 option groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

option-group-number: Assigns an ID to the static option group, in the range of 1 to 100.

Usage guidelines

A static DHCPv6 option group can use the same ID as a dynamic DHCPv6 option group. If a static DHCPv6 option group and a dynamic DHCPv6 option group use the same ID, the static one takes precedence over the dynamic one.

Examples

# Create static DHCPv6 option group 1 and enter its view.

<Sysname> system-view

[Sysname] ipv6 dhcp option-group 1

[Sysname-dhcp6-option-group-1]

Related commands

display ipv6 dhcp option-group

ipv6 dhcp policy

Use ipv6 dhcp policy to create a DHCPv6 policy and enter its view, or enter the view of an existing DHCPv6 policy.

Use undo ipv6 dhcp policy to delete a DHCPv6 policy.

Syntax

ipv6 dhcp policy policy-name

undo ipv6 dhcp policy policy-name

Default

No DHCPv6 policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Assigns a name to the DHCPv6 policy. The policy name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

In DHCPv6 policy view, you can specify address pools for different user classes. Clients matching a user class will obtain IPv6 addresses and other parameters from the specified address pool.

For a DHCPv6 policy to take effect, you must apply it to an interface.

Examples

# Create DHCPv6 policy test and enter its view.

<Sysname> system-view

[Sysname] ipv6 dhcp policy test

[Sysname-dhcp6-policy-test]

Related commands

class pool

default pool

ipv6 dhcp apply-policy

ipv6 dhcp class

ipv6 dhcp pool

Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view, or enter the view of an existing DHCPv6 address pool.

Use undo ipv6 dhcp pool to delete the specified DHCPv6 address pool.

Syntax

ipv6 dhcp pool pool-name

undo ipv6 dhcp pool pool-name

Default

No DHCPv6 address pools exist.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters.

Usage guidelines

A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be assigned to DHCPv6 clients.

When you delete a DHCPv6 address pool, binding information for the assigned IPv6 addresses and prefixes in the address pool is also deleted.

Examples

# Create a DHCPv6 address pool named pool1 and enter its view.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1]

Related commands

class pool

display ipv6 dhcp pool

ipv6 dhcp server apply pool

ipv6 dhcp prefix-pool

Use ipv6 dhcp prefix-pool to create a prefix pool and specify the prefix and the assigned prefix length for the pool.

Use undo ipv6 dhcp prefix-pool to delete the specified prefix pool.

Syntax

ipv6 dhcp prefix-pool prefix-pool-number prefix { prefix-number | prefix/prefix-len } assign-len assign-len [ vpn-instance vpn-instance-name ]

undo ipv6 dhcp prefix-pool prefix-pool-number [ vpn-instance vpn-instance-name ]

Default

No prefix pools exist.

Views

System view

Predefined user roles

network-admin

Parameters

prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128.

prefix { prefix-number | prefix/prefix-len }: Specifies a prefix by its ID or in the format of prefix/prefix length. The value range for the prefix-number argument is 1 to 1024. The value range for the prefix-len argument is 1 to 128.

assign-len assign-len: Specifies the assigned prefix length. The value range is 1 to 128, and the value must be greater than or equal to prefix-len. The difference between assign-len and prefix-len must be no more than 16.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To create a prefix pool for the public network, do not specify this option.

Usage guidelines

Different prefix pools cannot overlap.

To modify a prefix pool, execute the undo ipv6 dhcp prefix-pool command to delete the prefix pool, and then execute the ipv6 dhcp prefix-pool command.

Deleting a prefix pool clears all prefix bindings from the prefix pool.

When you specify a prefix by its ID, follow these restrictions and guidelines:

· This command does not take effect if the prefix does not exist. This command takes effect after the prefix is created.

· Do not specify the same prefix for different prefix pools in a VPN.

· If the prefix that the ID represents is changed, the prefix range in the prefix pool accordingly changes.

Examples

# Create IPv6 prefix 88:99::/32 with ID 3. Configure prefix pool 2 with IPv6 prefix 3 and an assigned prefix length of 42. Prefix pool 2 contains 1024 prefixes from 88:99::/42 to 88:99:FFC0::/42.

<Sysname> system-view

[Sysname] ipv6 prefix 3 88:99::/32

[Sysname] ipv6 dhcp prefix-pool 2 prefix 3 assign-len 42

# Create prefix pool 1, and specify prefix 2001:0410::/32 with an assigned prefix length of 42. Prefix pool 1 contains 1024 prefixes from 2001:0410::/42 to 2001:0410:FFC0::/42.

<Sysname> system-view

[Sysname] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 42

Related commands

display ipv6 dhcp prefix-pool

prefix-pool

ipv6 dhcp server

Use ipv6 dhcp server to configure global address assignment on an interface. The server on the interface uses a global address pool to assign configuration information to a client.

Use undo ipv6 dhcp server to restore the default.

Syntax

ipv6 dhcp server { allow-hint | preference preference-value | rapid-commit } *

undo ipv6 dhcp server

Default

The server supports global address assignment, but it does not support desired address/prefix assignment or rapid address/prefix assignment. The server preference is not set.

Views

Interface view

Predefined user roles

network-admin

Parameters

allow-hint: Enables desired address/prefix assignment.

preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. A greater value represents a higher preference.

rapid-commit: Enables rapid address/prefix assignment involving two messages.

Usage guidelines

The allow-hint keyword enables the server to assign the desired address or prefix to the requesting client. If the desired address or prefix is not included in any global address pool, or is already assigned to another client, the server assigns the client a free address or a prefix. If the allow-hint keyword is not specified, the server ignores the desired address or prefix, and selects an address or prefix from a global address pool.

If you use the ipv6 dhcp server and ipv6 dhcp server apply pool commands on the same interface, the ipv6 dhcp server apply pool command takes effect.

Examples

# Configure global address assignment on the interface VLAN-interface 2. Use the desired address/prefix assignment and rapid address/prefix assignment, and set the server preference to the highest 255.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit

Related commands

display ipv6 dhcp server

ipv6 dhcp select

ipv6 dhcp server apply pool

Use ipv6 dhcp server apply pool to apply a DHCPv6 address pool to an interface.

Use undo ipv6 dhcp server apply pool to restore the default.

Syntax

ipv6 dhcp server apply pool pool-name [ allow-hint | preference preference-value | rapid-commit ] *

undo ipv6 dhcp server apply pool

Default

No DHCPv6 address pool is applied to an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters.

allow-hint: Enables desired address/prefix assignment.

preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. A greater value represents a higher preference. By default, the server preference is not set.

rapid-commit: Enables rapid address/prefix assignment involving two messages.

Usage guidelines

Upon receiving a DHCPv6 request, the DHCPv6 server selects an IPv6 address or prefix from the address pool applied to the receiving interface. If no address pool is applied, the server selects an IPv6 address or prefix from a global address pool that matches the IPv6 address of the receiving interface or the DHCPv6 relay agent.

The allow-hint keyword enables the server to assign the desired address or prefix to the client. If the desired address or prefix does not exist or is already assigned to another client, the server assigns a free address or prefix. If allow-hint is not specified, the server ignores the desired address or prefix, and assigns a free address or prefix.

Only one address pool can be applied to an interface. If you execute this command multiple times, the most recent configuration takes effect.

A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created.

Examples

# Apply address pool 1 to VLAN-interface 2, configure the address pool to support desired address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp server apply pool 1 allow-hint preference 255 rapid-commit

Related commands

display ipv6 dhcp server

ipv6 dhcp pool

ipv6 dhcp select

ipv6 dhcp server database filename

Use ipv6 dhcp server database filename to configure the DHCPv6 server to back up the DHCPv6 bindings to a file.

Use undo ipv6 dhcp server database filename to restore the default.

Syntax

ipv6 dhcp server database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }

undo ipv6 dhcp server database filename

Default

The DHCPv6 server does not back up the DHCPv6 bindings.

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.

url url: Specifies the URL of a remote backup file. The URL is a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL.

username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL of the remote backup file.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.

Usage guidelines

The command automatically creates the file if you specify a nonexistent file.

With this command executed, the DHCPv6 server backs up its bindings immediately and runs auto backup. The server, by default, waits 300 seconds after a binding change to update the backup file. You can use the ipv6 dhcp server database update interval command to change the waiting time. If no DHCPv6 binding changes, the backup file is not updated.

As a best practice, back up the bindings to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCPv6 server to malfunction.

When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:

· If the file is on an FTP server, enter URL in the format of ftp://server address:port/file path, where the port number is optional. The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

· If the file is on a TFTP server, enter URL in the format of tftp://server address:port/file path, where the port number is optional.

· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.

· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.

Examples

# Configure the DHCPv6 server to back up its bindings to the file database.dhcp

<Sysname> system-view

[Sysname] ipv6 dhcp server database filename database.dhcp

# Configure the DHCPv6 server to back up its bindings to the file database.dhcp in the working directory of the FTP server at 10::1.

<Sysname> system-view

[Sysname] ipv6 dhcp server database filename url ftp://[10::1]/database.dhcp username 1 password simple 1

Related commands

ipv6 dhcp server database update interval

ipv6 dhcp server database update now

ipv6 dhcp server database update stop

ipv6 dhcp server database update interval

Use ipv6 dhcp server database update interval to set the waiting time for the DHCPv6 server to update the backup file after a DHCPv6 binding change.

Use undo ipv6 dhcp server database update interval to restore the default.

Syntax

ipv6 dhcp server database update interval interval

undo ipv6 dhcp server database update interval

Default

The DHCPv6 server waits 300 seconds to update the backup file after a DHCPv6 binding change. If no DHCPv6 binding changes, the backup file is not updated.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Sets the waiting time in the range of 60 to 864000 seconds.

Usage guidelines

When a DHCPv6 binding is created, updated, or removed, the waiting period starts. The DHCPv6 server updates the backup file when the waiting period is reached. All bindings changed during the period will be saved to the backup file.

The waiting time takes effect only after you configure the DHCPv6 binding auto backup by using the ipv6 dhcp server database filename command.

Examples

# Set the waiting time to 600 seconds for the DHCPv6 server to update the backup file.

<Sysname> system-view

[Sysname] ipv6 dhcp server database update interval 600

Related commands

ipv6 dhcp server database filename

ipv6 dhcp server database update now

ipv6 dhcp server database update stop

ipv6 dhcp server database update now

Use ipv6 dhcp server database update now to manually save the DHCPv6 bindings to the backup file.

Syntax

ipv6 dhcp server database update now

Views

System view

Predefined user roles

network-admin

Usage guidelines

Each time this command is executed, the DHCPv6 bindings are saved to the backup file.

For this command to take effect, you must configure the DHCPv6 auto backup by using the ipv6 dhcp server database filename command.

Examples

# Manually save the DHCPv6 bindings to the backup file.

<Sysname> system-view

[Sysname] ipv6 dhcp server database update now

Related commands

ipv6 dhcp server database filename

ipv6 dhcp server database update interval

ipv6 dhcp server database update stop

Use ipv6 dhcp server database update stop to terminate the download of DHCPv6 bindings from the backup file.

Syntax

ipv6 dhcp server database update stop

Views

System view

Predefined user roles

network-admin

Usage guidelines

The DHCPv6 server does not provide services during the binding download process. If the connection breaks up during the process, the waiting timeout timer is 60 minutes. When the timer expires, the DHCPv6 server stops waiting and starts providing address allocation services. You can execute this command to terminate the download immediately.

Manual termination allows the DHCPv6 server to provide services without waiting for the connection to be repaired. The IPv6 addresses and prefixes associated with the undownloaded bindings will be assigned to clients and address conflicts might occur.

Examples

# Terminate the download of the backup DHCPv6 bindings.

<Sysname> system-view

[Sysname] ipv6 dhcp server database update stop

Related commands

ipv6 dhcp server database filename

ipv6 dhcp server database update interval

ipv6 dhcp server database update now

ipv6 dhcp server entry-convert enable

Use ipv6 dhcp server entry-convert enable to enable IPv6 address binding conversion for IP source guard.

Use undo ipv6 dhcp server entry-convert enable to disable IPv6 address binding conversion for IP source guard.

Syntax

ipv6 dhcp server entry-convert enable

undo ipv6 dhcp server entry-convert enable

Default

IPv6 address binding conversion for IP source guard is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In a VXLAN network, the VXLAN IP gateway acts as the DHCPv6 server to assign IPv6 addresses to users and reports user information to the controller. The user information report supports only IP source guard entries based on which the controller manages and monitors users. For the DHCPv6 server to report all DHCPv6 user information, use this feature to enable the server to convert user IPv6 address bindings to dynamic IP source guard bindings.

If the device does not have enough storage space, execute the undo ipv6 dhcp server entry-convert enable command to disable this feature. The system does not delete IP source guard bindings that have been converted before you disable this feature.

For more information about IP source guard, see Security Configuration Guide.

Examples

# Enable IPv6 address binding conversion for IP source guard.

<Sysname> system-view

[Sysname] ipv6 dhcp server entry-convert enable

ipv6 dhcp server forbidden-address

Use ipv6 dhcp server forbidden-address to exclude IPv6 addresses in the DHCPv6 address pool from dynamic allocation.

Use undo ipv6 dhcp server forbidden-address to remove the configuration.

Syntax

ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ]

undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ]

Default

Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable.

Views

System view

Predefined user roles

network-admin

Parameters

start-ipv6-address: Specifies the start IPv6 address.

end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address. If you do not specify an end IPv6 address, only the start IPv6 address is excluded from dynamic allocation. If you specify an end IPv6 address, the IP addresses from start-ipv6-address through end-ipv6-address are all excluded from dynamic allocation.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the excluded IPv6 addresses belong to the public network, do not specify this option.

Usage guidelines

The IPv6 addresses of some devices such as the gateway and FTP server cannot be assigned to clients. Use this command to exclude such addresses from dynamic allocation.

If the excluded IPv6 address is in a static DHCPv6 binding, the address can still be assigned to the client.

The address or address range specified in the undo form of the command must be the same as the address or address range specified in the command. To remove an IP address that has been specified as part of an address range, you must remove the entire address range.

You can execute this command multiple times to exclude multiple IPv6 address ranges from dynamic allocation.

Examples

# Exclude IPv6 addresses of 2001:10:110::1 through 2001:10:110::20 from dynamic assignment.

<Sysname> system-view

[Sysname] ipv6 dhcp server forbidden-address 2001:10:110::1 2001:10:110::20

Related commands

ipv6 dhcp server forbidden-prefix

static-bind

ipv6 dhcp server forbidden-prefix

Use ipv6 dhcp server forbidden-prefix to exclude IPv6 prefixes in the DHCPv6 prefix pool from dynamic allocation.

Use undo ipv6 dhcp server forbidden-prefix to remove the configuration.

Syntax

ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ]

undo ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ]

Default

No IPv6 prefixes in the DHCPv6 prefix pool are excluded from dynamic allocation.

Views

System view

Predefined user roles

network-admin

Parameters

start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128.

end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128. The value for end-prefix cannot be lower than that for start-prefix. If you do not specify this argument, only the start-prefix/prefix-len is excluded from dynamic allocation. If you specify this argument, the prefixes from start-prefix/prefix-len to end-prefix/prefix-len are all excluded.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the excluded IPv6 prefixes belong to the public network, do not specify this option.

Usage guidelines

If the excluded IPv6 prefix is in a static binding, the prefix can still be assigned to the client.

The prefix or prefix range specified in the undo form of the command must be the same as the prefix or prefix range specified in the command. To remove a prefix that has been specified as part of a prefix range, you must remove the entire prefix range.

You can execute this command multiple times to exclude multiple IPv6 prefix ranges from dynamic allocation.

Examples

# Exclude IPv6 prefixes from 2001:3e11::/32 through 2001:3eff::/32 from dynamic allocation.

<Sysname> system-view

[Sysname] ipv6 dhcp server forbidden-prefix 2001:3e11::/32 2001:3eff::/32

Related commands

ipv6 dhcp server forbidden-address

static-bind

network

Use network to specify an IPv6 subnet for dynamic allocation in a DHCPv6 address pool.

Use undo network to restore the default.

Syntax

network { prefix/prefix-length | prefix prefix-number [ sub-prefix/sub-prefix-length ] } [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] [ export-route ]

undo network

Default

No IPv6 subnet is specified in a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for the prefix-length argument is 1 to 128.

prefix prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024.

sub-prefix/sub-prefix-length: Specifies an IPv6 sub-prefix and its length. The value range for the sub-prefix-length argument is 1 to 128. If the IPv6 prefix is longer than the IPv6 sub-prefix or if you do not specify an IPv6 sub-prefix, the IPv6 subnet defined by the IPv6 prefix is used for dynamic allocation.

preferred-lifetime preferred-lifetime: Sets the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).

valid-lifetime valid-lifetime: Sets the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime must be longer than or equal to the preferred lifetime.

export-route: Advertises the subnet assigned to DHCPv6 clients. If you do not specify this keyword, the subnet will not be advertised.

Usage guidelines

You can specify only one subnet for a DHCPv6 address pool. If you execute the network command multiple times, the most recent configuration takes effect.

Modifying or removing the network command configuration removes assigned addresses in the current address pool.

If you execute the network export-route command multiple times, the most recent configuration takes effect.

The network prefix command does not take effect if the specified IPv6 prefix does not exist. This command takes effect after the IPv6 prefix is created.

The network command defines the IPv6 subnet for dynamic allocation through the prefix/prefix-length arguments or the prefix-number [ sub-prefix/sub-prefix-length ] arguments. The IPv6 subnets cannot be the same in different DHCPv6 address pools.

If the prefix that the ID represents is changed, the IPv6 subnet in this command accordingly changes, and the assigned prefix and address bindings are cleared.

Examples

# Specify the subnet 3ffe:501:ffff:100::/64 in DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64

# Create IPv6 prefix 88:99::/32 with the prefix ID 3. Create DHCPv6 address pool 1 and use the IPv6 subnet defined by the IPv6 prefix for dynamic allocation.

<Sysname> system-view

[Sysname] ipv6 prefix 3 88:99::/32

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] network prefix 3

# Create IPv6 prefix 88:99::/32 with the prefix ID 3. Create DHCPv6 address pool 1 and use IPv6 subnet 88:99:ffff:100::/64 defined by IPv6 prefix 3 and IPv6 sub-prefix 3ffe:501:ffff:100::/64 for dynamic allocation. The first 32 bits of the IPv6 subnet are determined by IPv6 prefix 3. The bits 33 to 64 of the IPv6 subnet are determined by the IPv6 sub-prefix and its length. The prefix length of the IPv6 subnet is the IPv6 sub-prefix length.

<Sysname> system-view

[Sysname] ipv6 prefix 3 88:99::/32

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] network prefix 3 3ffe:501:ffff:100::/64

Related commands

address range

display ipv6 dhcp pool

temporary address range

option

Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool.

Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool.

Syntax

option code hex hex-string

undo option code

Default

No self-defined DHCPv6 option is configured in a DHCPv6 address pool.

Views

DHCPv6 address pool view

DHCPv6 option group view

Predefined user roles

network-admin

Parameters

code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25 through 26, 37 through 40, and 43 through 48.

hex hex-string: Specifies the content of the option, a hexadecimal number whose length is an even number in the range of 2 to 256.

Usage guidelines

The DHCPv6 server fills the self-defined option with the specified hexadecimal number and sends it in a response to the client.

You can self-define options for the following purposes:

· Add newly released options.

· Add options for which the vendor defines the contents, for example, Option 43.

· Add options for which the CLI does not provide a dedicated configuration command like dns-server. For example, you can use the option 31 hex 02000000000000000000000000000001 command to define the NTP server address 200::1 for DHCPv6 clients.

If a DHCPv6 option is specified by both the dedicated command and the option command, the DHCPv6 server preferentially assigns the content specified by the dedicated command. For example, if a DNS server address is specified by the dns-server command and the option 23 command, the server uses the address specified by dns-server command.

If you execute this command multiple times with the same code specified, the most recent configuration takes effect.

Examples

# Configure Option 23 that specifies a DNS server address 2001:f3e0::1 in DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] option 23 hex 2001f3e0000000000000000000000001

Related commands

display ipv6 dhcp pool

dns-server

domain-name

sip-server

option-group

Use option-group to specify a DHCPv6 option group for a DHCPv6 address pool.

Use undo option-group to restore the default.

Syntax

option-group option-group-number

undo option-group

Default

No DHCPv6 option group is specified for a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

option-group--number: Specifies a DHCPv6 option group by its number in the range of 1 to 100.

Examples

# Specify DHCPv6 option group 1 for DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] option-group 1

Related commands

display ipv6 dhcp pool

ipv6 dhcp option-group

pd-in-use threshold

Use pd-in-use threshold to set t he prefix usage threshold for an IPv6 address pool.

Use undo pd-in-use threshold to restore the default.

Syntax

pd-in-use threshold threshold-value

undo pd-in-use threshold

Default

The prefix usage threshold for an IPv6 address pool is 100%.

Views

IPv6 address pool view

Predefined user roles

network-admin

Parameters

threshold-value: Specifies a prefix usage threshold, in percentage. The value range for this argument is 0 to 100.

Usage guidelines

The messages generated by the DHCPv6 module varies by threshold as follows:

· If you set the prefix usage threshold to 100%, the DHCPv6 module will send a message to the SNMP module when one of the following events occurs:

¡ The prefix usage of the IPv6 pool reaches 100%.

¡ The prefix usage of the IPv6 pool drops below 90% after a threshold violation.

· If you set the prefix usage threshold to a value less than 100%, the DHCPv6 module sends a message to the SNMP module and a log message to the information center when one of the following events occurs:

¡ The prefix usage of the IPv6 pool reaches or exceeds the threshold.

¡ The prefix usage of the IPv6 pool drops below 90% of the threshold after a threshold violation.

· If you set the prefix usage threshold to 0, the DHCPv6 module will not generate any SNMP notification or log message for a threshold crossing event.

To enable the DHCPv6 module to send SNMP notifications, use the snmp-agent trap enable ipv6 dhcp server command to configure the DHCPv6 module.

For DHCP notifications to be sent correctly, you must configure the SNMP module on the device. For more information about configuring the SNMP module, see Network Management and Monitoring Configuration Guide.

Examples

# Set the prefix usage threshold to 75% for IPv6 address pool pool1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool pool1

[Sysname-dhcp6-pool-pool1] pd-in-use threshold 75

Related commands

display ipv6 dhcp pool

snmp-agent trap enable ipv6 dhcp server

prefix-pool

Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client.

Use undo prefix-pool to remove the prefix pool.

Syntax

prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]

undo prefix-pool prefix-pool-number

Default

No prefix pool is applied to a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128.

preferred-lifetime preferred-lifetime: Sets the preferred lifetime in the range of 60 to 4294967295 seconds. The default value is 604800 seconds (7 days).

valid-lifetime valid-lifetime: Sets the valid lifetime in the range of 60 to 4294967295 seconds. The default value is 2592000 seconds (30 days). The valid lifetime must be longer than or equal to the preferred lifetime.

Usage guidelines

Only one prefix pool can be applied to an address pool.

You can apply a prefix pool that has not been created to an address pool. The setting takes effect after the prefix pool is created.

To modify the prefix pool in a DHCPv6 address pool, execute the undo prefix-pool command to remove the prefix pool, and then execute the prefix-pool command.

Examples

# Apply prefix pool 1 to address pool 1, and use the default preferred lifetime and valid lifetime.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] prefix-pool 1

# Apply prefix pool 2 to address pool 2, and set the preferred lifetime to one day and the valid lifetime to three days.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 2

[Sysname-dhcp6-pool-2] prefix-pool 2 preferred-lifetime 86400 valid-lifetime 259200

Related commands

display ipv6 dhcp pool

ipv6 dhcp prefix-pool

reset ipv6 dhcp server conflict

Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information.

Syntax

reset ipv6 dhcp server conflict [ address ipv6-address ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command clears all IPv6 address conflict information.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears conflict information about IPv6 addresses for the public network.

Usage guidelines

Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After the conflicts are resolved, you can use the reset ipv6 dhcp server conflict command to clear conflict information so that the conflicted addresses can be assigned to clients.

Examples

# Clear all IPv6 address conflict information.

<Sysname> reset ipv6 dhcp server conflict

Related commands

display ipv6 dhcp server conflict

reset ipv6 dhcp server expired

Use reset ipv6 dhcp server expired to clear binding information for lease-expired IPv6 addresses.

Syntax

reset ipv6 dhcp server expired [ [ address ipv6-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]

Views

User view

Predefined user roles

network-admin

Parameters

address ipv6-address: Clears binding information for the specified lease-expired IPv6 address. If you do not specify an IPv6 address, this command clears binding information for all lease-expired IPv6 address.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information about lease-expired IPv6 addresses for the public network.

pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information for lease-expired IPv6 addresses in all address pools.

Examples

# Clear binding information for expired IPv6 address 2001:f3e0::1.

<Sysname> reset ipv6 dhcp server expired address 2001:f3e0::1

Related commands

display ipv6 dhcp server expired

reset ipv6 dhcp server ip-in-use

Use reset ipv6 dhcp server ip-in-use to clear binding information for assigned IPv6 addresses.

Syntax

reset ipv6 dhcp server ip-in-use [ [ address ipv6-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]

Views

User view

Predefined user roles

network-admin

Parameters

address ipv6-address: Clears binding information for the specified assigned IPv6 address. If you do not specify an IPv6 address, this command clears binding information for all assigned IPv6 addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information about assigned IPv6 addresses for the public network.

pool pool-name: Clears binding information for assigned IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information for assigned IPv6 addresses in all address pools.

Usage guidelines

If you execute this command to clear information about an assigned static binding, the static binding becomes a free static binding.

Examples

# Clear binding information for all assigned IPv6 addresses.

<Sysname> reset ipv6 dhcp server ip-in-use

# Clears binding information for assigned IPv6 addresses in DHCPv6 address pool 1.

<Sysname> reset ipv6 dhcp server ip-in-use pool 1

# Clears binding information for the assigned IPv6 address 2001:0:0:1::1.

<Sysname> reset ipv6 dhcp server ip-in-use address 2001:0:0:1::1

Related commands

display ipv6 dhcp server ip-in-use

reset ipv6 dhcp server pd-in-use

Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes.

Syntax

reset ipv6 dhcp server pd-in-use [ pool pool-name | [ prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ] ]

Views

User view

Predefined user roles

network-admin

Parameters

pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information for assigned IPv6 prefixes in all address pools.

prefix prefix/prefix-len: Clears binding information for the specified assigned IPv6 prefix. The value range for the prefix length is 1 to 128. If you do not specify an IPv6 prefix, this command clears binding information for all assigned IPv6 prefixes.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information about assigned IPv6 prefixes for the public network.

Usage guidelines

If you execute this command to clear information about an assigned static binding, the static binding becomes a free static binding.

Examples

# Clear binding information for all assigned IPv6 prefixes.

<Sysname> reset ipv6 dhcp server pd-in-use

# Clears binding information for assigned IPv6 prefixes in DHCPv6 address pool 1.

<Sysname> reset ipv6 dhcp server pd-in-use pool 1

# Clears binding information for the assigned IPv6 prefix 2001:0:0:1::/64.

<Sysname> reset ipv6 dhcp server pd-in-use prefix 2001:0:0:1::/64

Related commands

display ipv6 dhcp server pd-in-use

reset ipv6 dhcp server statistics

Use reset ipv6 dhcp server statistics to clear DHCPv6 server statistics.

Syntax

reset ipv6 dhcp server statistics [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

Examples

# Clear DHCPv6 server statistics.

<Sysname> reset ipv6 dhcp server statistics

Related commands

display ipv6 dhcp server statistics

sip-server

Use sip-server to specify the IPv6 address or domain name of a SIP server in the DHCPv6 address pool.

Use undo sip-server to remove a SIP server.

Syntax

sip-server { address ipv6-address | domain-name domain-name }

undo sip-server { address ipv6-address | domain-name domain-name }

Default

No SIP server address or domain name is specified.

Views

DHCPv6 address pool view

DHCPv6 option group view

Predefined user roles

network-admin

Parameters

address ipv6-address: Specifies the IPv6 address of a SIP server.

domain-name domain-name: Specifies the domain name of a SIP server, a case-insensitive string of 1 to 50 characters.

Usage guidelines

You can specify up to eight SIP server addresses and eight SIP server domain names in an address pool. A SIP server that is specified earlier has a higher preference.

Examples

# Specify the SIP server address 2:2::4 in DHCPv6 address pool 1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] sip-server address 2:2::4

# Specify the SIP server domain name example.com in DHCPv6 address pool 1.

[Sysname-dhcp6-pool-1] sip-server domain-name example.com

Related commands

display ipv6 dhcp pool

snmp-agent trap enable ipv6 dhcp server

Use snmp-agent trap enable ipv6 dhcp server to enable SNMP notifications for the DHCPv6 server.

Use undo snmp-agent trap enable ipv6 dhcp server to disable SNMP notifications for the DHCPv6 server.

Syntax

snmp-agent trap enable ipv6 dhcp server [ address-exhaust | ip-in-use | pd-exhaust | pd-in-use ] *

undo snmp-agent trap enable ipv6 dhcp server [ address-exhaust | ip-in-use | pd-exhaust | pd-in-use ] *

Default

SNMP notifications are enabled for the DHCPv6 server.

Views

System view

Predefined user roles

network-admin

Parameters

address-exhaust: Specifies IPv6 address exhaustion notifications. An IPv6 address exhaustion notification is generated when an IPv6 address exhaustion event occurs. IPv6 address exhaustion events include address exhaustion alarms and recoveries from address exhaustion conditions.

ip-in-use: Specifies IPv6 address usage notifications. An IPv6 address usage notification is generated when an event of IPv6 address usage threshold violation occurs. Events of IPv6 address usage threshold violation include threshold violation alarms and recoveries from threshold violation conditions. If you specify this keyword, the DHCPv6 server will poll the IPv6 address usage of each IPv6 pool at specific intervals. The IPv6 address usage threshold is set by using the ip-in-use threshold command.

pd-exhaust: Specifies IPv6 prefix exhaustion notifications. An IPv6 prefix exhaustion notification is generated when all IPv6 prefixes in an IPv6 address pool are used up or when an IPv6 address pool recovers from an IPv6 prefix exhaustion condition.

pd-in-use: Specifies IPv6 prefix usage notifications. An IPv6 prefix usage notification is generated when an event of IPv6 prefix usage threshold violation occurs. Events of IPv6 prefix usage threshold violation include threshold violation alarms and recoveries from threshold violation conditions. If you specify this keyword, the DHCPv6 server will poll the prefix usage of each IPv6 pool at specific intervals. The prefix usage threshold is set by using the pd-in-use threshold command.

Usage guidelines

If you do not specify any parameters, this command enables SNMP notifications for all types of DHCPv6 server events.

The DHCPv6 server reports critical DHCPv6 server events in SNMP notifications. For DHCPv6 server event notifications to be sent correctly, you must also configure SNMP on the device. For more information about configuring SNMP, see Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for all types of events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ipv6 dhcp server

# Disable SNMP IPv6 address exhaustion alarm notifications.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ipv6 dhcp server address-exhaust

# Disable SNMP IPv6 address usage alarm notifications.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ipv6 dhcp server ip-in-use

# Disable SNMP IPv6 prefix exhaustion alarm notifications.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ipv6 dhcp server pd-exhaust

# Disable SNMP IPv6 prefix usage alarm notifications.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ipv6 dhcp server pd-in-use

Related commands

ip-in-use threshold

pd-in-use threshold

snmp-agent target-host (Network Management and Monitoring Command Reference)

static-bind

Use static-bind to statically bind an IPv6 address or prefix to a client in the DHCPv6 address pool.

Use undo static-bind to delete a static binding.

Syntax

static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]

undo static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len }

Default

No static binding is configured in a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

address ipv6-address/addr-prefix-length: Specifies the IPv6 address and prefix length. The value range for the prefix length is 1 to 128.

prefix prefix/prefix-len: Specifies the prefix and prefix length. The value range for the prefix length is 1 to 128.

duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256.

iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF. If you do not specify an IAID, the server does not match the client IAID for prefix assignment.

preferred-lifetime preferred-lifetime: Sets the preferred lifetime of the address or prefix. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).

valid-lifetime valid-lifetime: Sets the valid lifetime of the address or prefix. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred lifetime.

Usage guidelines

You can specify multiple static bindings in a DHCPv6 address pool.

An IPv6 address or prefix can be bound to only one DHCPv6 client.

To modify a static binding, execute the undo static-bind command to delete the binding, and then execute the static-bind command.

This command is not supported in IPv6 address pools that are configured with the remote-server command and act as DHCPv6 relay address pools.

Examples

# In address pool 1, bind IPv6 address 2001:0410::/35 to the client DUID 0003000100e0fc005552 and IAID A1A1A1A1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] static-bind address 2001:0410::/35 duid 0003000100e0fc005552 iaid A1A1A1A1

# In address pool 1, bind prefix 2001:0410::/35 to the client DUID 00030001CA0006A400 and IAID A1A1A1A1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] static-bind prefix 2001:0410::/35 duid 00030001CA0006A400 iaid A1A1A1A1

Related commands

display ipv6 dhcp pool

suboption

Use suboption to configure a suboption for a DHCPv6 vendor-specific option (Option 17).

Use undo suboption to delete a suboption from a DHCPv6 vendor-specific option.

Syntax

suboption suboption-code { address ipv6-address&<1-4> | ascii ascii-string | hex hex-string }

undo suboption suboption-code

Default

No suboptions are configured for a DHCPv6 vendor-specific option.

Views

Vendor-specific option view

Predefined user roles

network-admin

Parameters

suboption-code: Specifies a suboption code in the range of 1 to 65535.

address ipv6-address&<1-4>: Specifies a space-separated list of up to four IPv6 addresses as the suboption content.

ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 64 characters as the suboption content.

hex hex-string: Specifies a hexadecimal string of 2 to 128 characters as the suboption content. The number of characters in the string must be even.

Usage guidelines

In vendor-specific option view, you can configure suboptions for a vendor-specific option. With this option, the DHCPv6 server can assign additional network settings to DHCPv6 clients. These network settings include TFTP server information and the client's configuration file name.

You can configure up to 16 suboptions for a DHCPv6 vendor-specific option and specify the content of each suboption as needed.

If you use this command multiple times for the same suboption, the most recent configuration takes effect.

Examples

# Specify IPv6 addresses 1::1 1::2 as the content of suboption 1 in vendor-specific option 25506.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] vendor-specific 25506

[Sysname-dhcp6-pool-1-vs-25506] suboption 1 address 1::1 1::2

Related commands

vendor-specific

temporary address range

Use temporary address range to configure a temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation.

Use undo temporary address range to restore the default.

Syntax

temporary address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]

undo temporary address range

Default

No temporary IPv6 address range is configured in a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

start-ipv6-address: Specifies the start IPv6 address.

end-ipv6-address: Specifies the end IPv6 address.

preferred-lifetime preferred-lifetime: Sets the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).

valid-lifetime valid-lifetime: Sets the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred lifetime.

Usage guidelines

If you do not execute the temporary address range command, the DHCPv6 server does not support temporary address assignment.

You can configure only one temporary IPv6 address range in an address pool. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In DHCPv6 address pool 1, configure a temporary IPv6 address range from 3ffe:501:ffff:100::50 to 3ffe:501:ffff:100::60.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64

[Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50 3ffe:501:ffff:100::60

Related commands

display ipv6 dhcp pool

address range

network

vendor-specific

Use vendor-specific to configure a DHCPv6 vendor-specific option for an IPv6 address pool and enter the option view.

Use undo vendor-specific to remove a DHCPv6 vendor-specific option from an IPv6 address pool.

Syntax

vendor-specific vendor-id

undo vendor-specific vendor-id

Default

No DHCPv6 vendor-specific options are configured for an IPv6 address pool.

Views

IPv6 address pool view

Predefined user roles

network-admin

Parameters

vendor-id: Specify a vendor ID assigned by the IANA. The value range for this argument is 1 to 4294967295.

Usage guidelines

In addition to the options defined by RFC, the DHCPv6 server also supports a group of options that require manual configuration. These options are known as vendor-specific options.

This command defines DHCPv6 Option 17. With this option, the DHCPv6 server can assign additional network settings to DHCPv6 clients. These network settings include TFTP server information and the client's configuration file name.

You can configure up to eight vendor-specific options for an IPv6 address pool.

Examples

# Configure a vendor-specific option with vendor ID 25506 and enter the option view.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 1

[Sysname-dhcp6-pool-1] vendor-specific 25506

[Sysname-dhcp6-pool-1-vs-25506]

Related commands

suboption

vpn-instance

Use vpn-instance to apply a DHCPv6 address pool to a VPN instance.

Use undo vpn-instance to restore the default.

Syntax

vpn-instance vpn-instance-name

undo vpn-instance

Default

The DHCPv6 address pool is not applied to any VPN instance.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the DHCPv6 address pool belongs to the public network.

Usage guidelines

If a DHCPv6 address pool is applied to a VPN instance, the DHCPv6 server assigns IPv6 addresses in this address pool to clients in the specified VPN instance.

The DHCPv6 server identifies the VPN instance to which a DHCPv6 client belongs according to the following information:

· The client's VPN information stored in authentication modules.

· The VPN information of the DHCPv6 server's interface that receives DHCPv6 packets from the client.

The VPN information from authentication modules takes priority over the VPN information of the receiving interface.

Examples

# Apply DHCPv6 address pool 0 to the VPN instance abc.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 0

[Sysname-dhcp6-pool-0] vpn-instance abc

DHCPv6 relay agent commands

display ipv6 dhcp relay client-information address

Use display ipv6 dhcp relay client-information address to display DHCPv6 relay entries that record clients' IPv6 address information.

Syntax

display ipv6 dhcp relay client-information address [ interface interface-type interface-number | ipv6 ipv6-address ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 relay entries that record clients' IPv6 address information on all interfaces enabled with DHCPv6 relay agent.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays DHCPv6 relay entries for all IPv6 addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCPv6 relay entries that record clients' IPv6 address information for the public network.

Usage guidelines

The DHCPv6 relay agent records DHCPv6 relay entries only after you configure the ipv6 dhcp relay client-information record command.

Examples

# Display all DHCPv6 relay entries that record clients' IPv6 address information.

<Sysname> display ipv6 dhcp relay client-information address

1 DHCPv6 relay entries found.

IPv6 address IAID Lease Status Interface

2::1 0x00030001 54 Open Vlan2

# Display the DHCPv6 relay entry for the IPv6 address 2::1.

<Sysname> display ipv6 dhcp relay client-information address ipv6 2::1

1 DHCPv6 relay entries found.

IPv6 address: 2::1

DUID: 00030001CA000C180000

IAID: 0x00030001

Port index: N/A

Interface: Vlan2

Inner VLAN: N/A

Outer VLAN: N/A

Link address: 2::1

Status: Open

Access type: CommonV6

Remaining lease time: 54 seconds

Preferred lifetime: 400 seconds

Valid lifetime: 500 seconds

Table 11 Command output

Field	Description
x DHCPv6 relay entries found.	Number of DHCPv6 relay entries that record clients' IPv6 address information.
IPv6 address	IPv6 address of the DHCPv6 client.
DUID	DUID of the DHCPv6 client.
IAID	IAID of the DHCPv6 client.
Port index	Layer 2 port that receives the client's request. If the request is not received through a Layer 2 port, this field displays N/A.
Interface	Interface enabled with DHCPv6 relay agent. This field displays N/A if the entry does not contain interface information or if the interface index in the entry loses effect.
Inner VLAN	Inner VLAN tag contained in the client's request. If the request does not contain an inner VLAN tag, this field displays N/A.
Outer VLAN	Outer VLAN tag contained in the client's request. If the request does not contain an outer VLAN tag, this field displays N/A.
Link address	IPv6 address of the relay interface used to obtain the address for the client from the DHCPv6 server. The DHCPv6 relay agent sets this address in the Link address field of the Relay-forward message sent for the client.
Status	Status of the DHCPv6 relay entry: · OPEN—The DHCPv6 client has obtained an IPv6 address or renewed the lease. · SOLICIT—The DHCPv6 relay agent receives a Solicit message that contains a Rapid Commit option from the DHCPv6 client. · REQUEST—The DHCPv6 relay agent receives a Request message from the DHCPv6 client. · RELEASE—The DHCPv6 relay agent receives a Release message from the DHCPv6 client. · DECLINE—The DHCPv6 relay agent receives a Decline message from the DHCPv6 client. · RENEW—The DHCPv6 relay agent receives a Renew message from the DHCPv6 client. · REBIND—The DHCPv6 relay agent receives a Rebind message from the DHCPv6 client.
Access type	Access type of the DHCPv6 client: · Commonv6—Portal or DHCPv6.
Remaining lease time	Remaining time in seconds of the IPv6 address lease.
Preferred lifetime	Preferred lifetime in seconds of the IPv6 address.
Valid lifetime	Valid lifetime in seconds of the IPv6 address.

Related commands

ipv6 dhcp relay client-information record

reset ipv6 dhcp relay client-information address

display ipv6 dhcp relay client-information pd

Use display ipv6 dhcp relay client-information pd to display DHCPv6 relay entries that record clients' IPv6 prefix information.

Syntax

display ipv6 dhcp relay client-information pd [ interface interface-type interface-number | prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 relay entries that record clients' IPv6 prefix information on all interfaces enabled with DHCPv6 relay agent.

prefix prefix/prefix-len: Specifies an IPv6 prefix with its length. The value range for the prefix-len argument is 1 to 128. If you do not specify an IPv6 prefix, this command displays DHCPv6 relay entries for all IPv6 prefixes.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCPv6 relay entries that record clients' IPv6 prefix information for the public network.

Usage guidelines

The DHCPv6 relay agent records DHCPv6 relay entries only after you configure the ipv6 dhcp relay client-information record command.

Examples

# Display all DHCPv6 relay entries that record clients' IPv6 prefix information.

<Sysname> display ipv6 dhcp relay client-information pd

1 DHCPv6 relay entries found.

Prefix IAID Lease Status Interface

2::/64 0x00030001 54 Open Vlan2

# Display the DHCPv6 relay entry for the IPv6 prefix 2::/64.

<Sysname> display ipv6 dhcp relay client-information pd prefix 2::/64

1 DHCPv6 relay entries found.

Prefix: 2::/64

DUID: 00030001CA000C180000

IAID: 0x00030001

Port index: N/A

Interface: Vlan2

Inner VLAN: N/A

Outer VLAN: N/A

Link address: 2::1

Status: Open

Access type: CommonV6

Remaining lease time: 54 seconds

Preferred lifetime: 400 seconds

Valid lifetime: 500 seconds

Table 12 Command output

Field	Description
x DHCPv6 relay entries found.	Number of DHCPv6 relay entries that record clients' IPv6 prefix information.
Prefix	IPv6 prefix of the DHCPv6 client.
DUID	DUID of the DHCPv6 client.
IAID	IAID of the DHCPv6 client.
Port index	Layer 2 port that receives the client's request. If the request is not received through a Layer 2 port, this field displays N/A.
Interface	Interface enabled with DHCPv6 relay agent. This field displays N/A if the entry does not contain interface information or if the interface index in the entry loses effect.
Inner VLAN	Inner VLAN tag contained in the client's request. If the request does not contain an inner VLAN tag, this field displays N/A.
Outer VLAN	Outer VLAN tag contained in the client's request. If the request does not contain an outer VLAN tag, this field displays N/A.
Link address	IPv6 address of the relay interface used to obtain the prefix for the client from the DHCPv6 server. The DHCPv6 relay agent sets this address in the Link address field of the Relay-forward message sent for the client.
Status	Status of the DHCPv6 relay entry: · OPEN—The DHCPv6 client has obtained an IPv6 prefix or renewed the lease. · SOLICIT—The DHCPv6 relay agent receives a Solicit message that contains a Rapid Commit option from the DHCPv6 client. · REQUEST—The DHCPv6 relay agent receives a Request message from the DHCPv6 client. · RELEASE—The DHCPv6 relay agent receives a Release message from the DHCPv6 client. · DECLINE—The DHCPv6 relay agent receives a Decline message from the DHCPv6 client. · RENEW—The DHCPv6 relay agent receives a Renew message from the DHCPv6 client. · REBIND—The DHCPv6 relay agent receives a Rebind message from the DHCPv6 client.
Access type	Access type of the DHCPv6 client: · Commonv6—Portal or DHCPv6.
Remaining lease time	Remaining time in seconds of the IPv6 prefix lease.
Preferred lifetime	Preferred lifetime in seconds of the IPv6 prefix.
Valid lifetime	Valid lifetime in seconds of the IPv6 prefix.

Related commands

ipv6 dhcp relay client-information record

reset ipv6 dhcp relay client-information pd

display ipv6 dhcp relay m-lag-status

Use display ipv6 dhcp relay m-lag-status to display M-LAG status information recorded on the DHCPv6 relay agent.

Syntax

display ipv6 dhcp relay m-lag-status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display M-LAG status information recorded on the DHCPv6 relay agent.

<Sysname> display ipv6 dhcp relay m-lag-status

M-LAG role : Secondary

Peer-link/Peer-link Index : Bridge-Aggregation3/65540

Peer-link State : UP

Table 13 Command output

Field	Description
M-LAG role	M-LAG member device role: · Primary. · Secondary. If the device state is unknown, this field displays None.
Peer-link/Peer-link Index	Peer-link interface name or peer-link interface index.
Peer-link State	Physical status of the peer-link interface, up or down.

‌

display ipv6 dhcp relay server-address

Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on a DHCPv6 relay interface.

Syntax

display ipv6 dhcp relay server-address [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent.

Examples

# Display DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent.

<Sysname> display ipv6 dhcp relay server-address

Interface: Vlan-interface2

Server address Outgoing Interface Public/VRF name

2::3 --/--

3::4 Vlan-interface4 Y/--

4::5 --/1

Interface: Vlan-interface3

Server address Outgoing Interface Public/VRF name

2::3 --/--

3::4 Vlan-interface4 Y/--

4::5 --/1

# Display DHCPv6 server addresses on VLAN-interface 2.

<Sysname> display ipv6 dhcp relay server-address interface vlan-interface 2

Interface: Vlan-interface2

Server address Outgoing Interface Public/VRF name

2::3 --/--

3::4 Vlan-interface4 Y/--

4::5 --/1

Table 14 Command output

Field	Description
Server address	DHCPv6 server address specified on the DHCPv6 relay agent.
Outgoing Interface	Output interface of DHCPv6 packets. If no output interface is specified, the device searches the routing table for the output interface.
Public/VRF name	Location of the DHCPv6 server, which is determined by the configuration of the ipv6 dhcp relay server-address command. · If neither the public keyword nor the vpn-instance vpn-instance-name option is specified, this field displays --/--. · If the public keyword is specified, this field displays Y/--. · If the vpn-instance vpn-instance-name option is specified, the VPN instance name is displayed after the slash (/), for example, --/1.

Related commands

ipv6 dhcp relay server-address

ipv6 dhcp select

display ipv6 dhcp relay statistics

Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent.

Syntax

display ipv6 dhcp relay statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 packets statistics on all interfaces enabled with DHCPv6 relay agent.

Examples

# Display DHCPv6 packet statistics on all interfaces enabled with DHCPv6 relay agent.

<Sysname> display ipv6 dhcp relay statistics

Packets dropped : 4

Packets received : 14

Solicit : 0

Request : 0

Confirm : 0

Renew : 0

Rebind : 0

Release : 0

Decline : 0

Information-request : 7

Relay-forward : 0

Relay-reply : 7

Packets sent : 14

Advertise : 0

Reconfigure : 0

Reply : 7

Relay-forward : 7

Relay-reply : 0

# Display DHCPv6 packet statistics on the DHCPv6 relay agent on VLAN-interface 2.

<Sysname> display ipv6 dhcp relay statistics interface vlan-interface 2

Packets dropped : 4

Packets received : 16

Solicit : 0

Request : 0

Confirm : 0

Renew : 0

Rebind : 0

Release : 0

Decline : 0

Information-request : 8

Relay-forward : 0

Relay-reply : 8

Packets sent : 16

Advertise : 0

Reconfigure : 0

Reply : 8

Relay-forward : 8

Relay-reply : 0

Table 15 Command output

Field	Description
Packets dropped	Number of discarded packets.
Packets received	Number of received packets.
Solicit	Number of received solicit packets.
Request	Number of received request packets.
Confirm	Number of received confirm packets.
Renew	Number of received renew packets.
Rebind	Number of received rebind packets.
Release	Number of received release packets.
Decline	Number of received decline packets.
Information-request	Number of received information request packets.
Relay-forward	Number of received relay-forward packets.
Relay-reply	Number of received relay-reply packets.
Packets sent	Number of sent packets.
Advertise	Number of sent advertise packets.
Reconfigure	Number of sent reconfigure packets.
Reply	Number of sent reply packets.
Relay-forward	Number of sent Relay-forward packets.
Relay-reply	Number of sent Relay-reply packets.

Related commands

reset ipv6 dhcp relay statistics

gateway-list

Use gateway-list to specify gateway addresses for DHCPv6 clients in a DHCPv6 address pool.

Use undo gateway-list to remove gateway addresses from a DHCPv6 address pool.

Syntax

gateway-list ipv6-address&<1-8>

undo gateway-list [ ipv6-address&<1-8> ]

Default

No gateway address is specified in a DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

ipv6-address&<1-8>: Specifies a space-separated list of up to eight addresses.

Usage guidelines

DHCPv6 clients of the same access type can be classified into different types by their locations. In this case, the relay interface typically has no IPv6 address configured. You can use the gateway-list command to specify gateway addresses for clients matching the same DHCPv6 address pool.

Upon receiving a DHCPv6 Solicit or Request from a client that matches a DHCPv6 address pool, the relay agent processes the packet as follows:

· Fills the link-address field of the packet with a specified gateway address.

· Forwards the packet to all DHCPv6 servers in the matching DHCPv6 address pool.

The DHCPv6 servers select a DHCPv6 address pool according to the gateway address.

Examples

# Specify the gateway address 10::1 in the DHCPv6 address pool p1.

<Sysname> system-view

[Sysname] ipv6 dhcp pool p1

[Sysname-dhcp6-pool-p1] gateway-list 10::1

ipv6 dhcp advertise address-route

Use ipv6 dhcp advertise address-route to enable the DHCPv6 relay agent to advertise host routes for IPv6 addresses assigned to DHCPv6 clients.

Use undo ipv6 dhcp advertise address-route to disable the DHCPv6 relay agent from advertising host routes for IPv6 addresses assigned to DHCPv6 clients.

Syntax

ipv6 dhcp advertise address-route

undo ipv6 dhcp advertise address-route

Default

The DHCPv6 relay agent does not advertise host routes for IPv6 addresses assigned to DHCPv6 clients.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In a network where ND cannot resolve global unicast addresses, network devices cannot generate ND entries for all global unicast addresses. If a DHCPv6 client obtains a global unicast address, the neighboring devices do not have the ND entries for this global unicast address, thus cannot forward the packets destined for the client. To resolve this problem, enable the DHCPv6 relay agent to advertise host routes for assigned IPv6 addresses in DHCPv6 replies. The advertised route information is as follows:

· The destination IP address is the assigned IPv6 address.

· The next hop is the link-local address of the DHCPv6 client.

· The output interface is the interface that forwards the reply.

After the relay agent receives a packet destined for the assigned IPv6 address, the relay agent looks up the routing table for the next hop. ND resolution can succeed because the next hop is the link-local address of the client. The relay agent searches the ND table for the MAC address of the client based on the next hop and then forwards the packet.

Before using this command on the DHCPv6 relay agent, enable the DHCPv6 relay agent to record DHCPv6 relay entries first.

Examples

# Enable the DHCPv6 relay agent to advertise host routes for IPv6 addresses assigned to DHCPv6 clients.

<Sysname> system-view

[Sysname] ipv6 dhcp advertise address-route

Related commands

ipv6 dhcp relay client-information record

ipv6 dhcp client-detect

Use ipv6 dhcp client-detect to enable client offline detection on the DHCPv6 relay agent.

Use undo ipv6 dhcp client-detect to disable client offline detection on the DHCPv6 relay agent.

Syntax

ipv6 dhcp client-detect

undo ipv6 dhcp client-detect

Default

Client offline detection is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only after you enable the DHCPv6 relay agent and the recording of DHCPv6 relay entries on the interface.

Examples

# Enable client offline detection on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp select relay

[Sysname-Vlan-interface2] ipv6 dhcp relay client-information record

[Sysname-Vlan-interface2] ipv6 dhcp client-detect

ipv6 dhcp relay client-information record

Use ipv6 dhcp relay client-information record to enable recording client information in DHCPv6 relay entries.

Use undo ipv6 dhcp relay client-information record to disable recording client information in DHCPv6 relay entries.

Syntax

ipv6 dhcp relay client-information record

undo ipv6 dhcp relay client-information record

Default

The DHCPv6 relay agent does not record client information in DHCPv6 relay entries.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The undo ipv6 dhcp relay client-information record command disables the recording of DHCPv6 relay entries and deletes all recorded DHCPv6 relay entries.

Examples

# Enable the recording of DHCPv6 relay entries on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp select relay

[Sysname-Vlan-interface2] ipv6 dhcp relay client-information record

Related commands

display ipv6 dhcp relay client-information address

display ipv6 dhcp relay client-information pd

ipv6 dhcp advertise address-route

ipv6 dhcp relay client-link-address enable

Use ipv6 dhcp relay client-link-address enable to enable the DHCPv6 relay agent to support Option 79.

Use undo ipv6 dhcp relay client-link-address enable to disable Option 79 support.

Syntax

ipv6 dhcp relay client-link-address enable

undo ipv6 dhcp relay client-link-address enable

Default

The DHCPv6 relay agent does not support Option 79.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

If DHCPv6 relay agents exist in the network, the DHCPv6 server needs the MAC address of the DHCPv6 client for authentication or for IPv6 address or prefix assignment. To meet the requirement, enable the DHCPv6 relay agent that the client first passes to support Option 79. This feature allows the DHCPv6 relay agent to learn the MAC address in the client request. When the relay agent generates a Relay-Forward packet for the request, it fills the MAC address of the client in Option 79. The Relay-Forward packet is then forwarded to the DHCPv6 server.

Examples

# Enable Option 79 support on the relay agent.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp relay client-link-address enable

ipv6 dhcp relay confirm-reply-check

Use ipv6 dhcp relay confirm-reply-check to enable the DHCPv6 relay agent to check the Reply messages in response to Confirm messages.

Use undo ipv6 dhcp relay confirm-reply-check to disable the DHCPv6 relay agent from checking the Reply messages in response to Confirm messages.

Syntax

ipv6 dhcp relay confirm-reply-check

undo ipv6 dhcp relay confirm-reply-check

Default

The DHCPv6 relay agent does not check the Reply messages in response to Confirm messages.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

NOTE:

The Reply messages mentioned in this section are those in response to Confirm messages.

‌

Multiple DHCPv6 servers might be deployed on a relay network, for example, DHCPv6 server A and DHCPv6 server B. When DHCPv6 server A receives a Request message from a DHCPv6 client, it assigns an IPv6 address to that client. In this example, the assigned IPv6 address does not belong to any address pool on DHCPv6 server B. Upon receiving the IPv6 address, the client multicasts a Confirm message to all DHCPv6 servers on the network to verify that the IPv6 address is usable. On receipt of the Confirm message, DHCPv6 server A and DHCPv6 server B act differently as follows:

· DHCPv6 server A returns a Reply message to notify the client that the IPv6 address is usable.

· DHCPv6 server B returns a Reply message to notify the client that it fails to assign the IPv6 address.

The DHCPv6 relay agent then forwards the two Reply messages to the client. As a result, the client might fail to obtain the IPv6 address.

To avoid the issue above, enable the DHCPv6 relay agent to check the Reply messages in response to Confirm messages.

Operating mechanism

With this feature enabled, when the DHCPv6 relay agent receives the first Reply message in response to a client's Confirm message, it performs the following task:

1. Starts a check timer that is fixed at 0.5 seconds.

2. Identifies whether the Reply messages received before the check timer expires confirm successful address allocation.

3. Forwards the Reply messages received after the check timer expires, using the original forwarding mechanism without checking them.

The operating mechanism of this feature is as follows:

· If the first received Reply message confirms successful address allocation to the client, the relay agent forwards that Reply message to the client. The relay agent processes the Reply messages subsequently received for the client within the check timer as follows:

¡ Discards the Reply messages that confirm unsuccessful address allocation.

¡ Forwards the Reply messages that confirm successful address allocation.

· If the first received Reply message confirms unsuccessful address allocation to the client, the relay agent caches that Reply message and waits for a Reply message of successful address allocation:

¡ If the relay agent does not receive such a Reply message for the client within the check timer, it performs the following operations after the check timer expires:

- Forwards the cached Reply message to the client.

- Discards the other Reply messages received for the client before the check timer expires.

¡ If the relay agent receives such a Reply message for the client within the check timer, it forwards that Reply message to the client and discards the cached Reply message. The relay agent processes the Reply messages received for the client within the check timer as follows:

- Discards the Reply messages that confirm unsuccessful address allocation.

- Forwards the Reply messages that confirm successful address allocation.

· If the relay agent receives new DHCP requests (including Confirm messages) from the client, it deletes the cached Reply message and disables the check timer.

· If the relay agent receives a new DHCP request from the client, it determines that the client has initiated a new request. In this situation, the relay agent will directly forward the Reply messages in response to the Confirm message of the client, without checking them.

Examples

# Enable the DHCPv6 relay agent to check the Reply messages in response to Confirm messages.

<Sysname> system-view

[Sysname] ipv6 dhcp relay confirm-reply-check

ipv6 dhcp relay duid aging-time

Use ipv6 dhcp relay duid aging-time to set the aging timer for DUID entries on a DHCPv6 relay interface.

Use undo ipv6 dhcp relay duid aging-time to restore the default.

Syntax

ipv6 dhcp relay duid aging-time seconds

undo ipv6 dhcp relay duid aging-time

Default

The aging timer for DUID entries is 60 seconds on the DHCPv6 relay agent.

Views

Interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the aging timer in seconds. The value range for this argument is 20 to 300.

Usage guidelines

When receiving a Solicit message from a client, DHCPv6 smart relay uses the DUID table to determine the link address set in the Relay-forward message sent to forward the Solicit message.

The DHCPv6 relay DUID entry for a client contains the following information:

· MAC address of the DHCPv6 client.

· Index of the relay interface connected to the client.

· The remaining lifetime of the entry.

· Link address (one of the global unicast addresses on the relay interface).

· Number of Relay-forward messages sent with this link address to forward a Solicit message from the client.

· The amount of time that has elapsed since the first Relay-forward message was sent with that link address to forward a Solicit message from the client.

To avoid smart relay failure, make sure the aging timer for DUID entries is greater than the time-based link address change trigger set by using the ipv6 dhcp smart-relay command.

Examples

# Set the DUID entry aging time to 30 seconds on DHCPv6 relay interface VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp relay duid aging-time 30

ipv6 dhcp relay gateway

Use ipv6 dhcp relay gateway to specify a gateway address for DHCPv6 clients on the DHCPv6 relay interface.

Use undo ipv6 dhcp relay gateway to restore the default.

Syntax

ipv6 dhcp relay gateway ipv6-address

undo ipv6 dhcp relay gateway

Default

The first IPv6 address of the relay interface is used as the gateway address for DHCPv6 clients.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies a gateway address. The IPv6 address must be an IPv6 address of the relay interface.

Usage guidelines

The DHCPv6 relay agent uses the specified IPv6 address instead of the first IPv6 address of the relay interface as the gateway address for DHCPv6 clients.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify 10::1 as the gateway address for DHCPv6 clients on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp relay gateway 10::1

Related commands

gateway-list

ipv6 dhcp relay interface-id

Use ipv6 dhcp relay interface-id to specify a padding mode for the Interface-ID option.

Use undo ipv6 dhcp relay interface-id to restore the default.

Syntax

ipv6 dhcp relay interface-id { bas | interface | user-mac }

undo ipv6 dhcp relay interface-id

Default

The DHCPv6 relay agent fills the Interface-ID option with the interface index of the interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

bas: Specifies the BAS mode.

interface: Specifies the interface name mode. The relay agent in this mode pads the Interface-ID option in ASCII code with the interface name and VLAN ID of the interface.

user-mac: Specifies the user MAC mode. The relay agent in this mode pads the Interface-ID option with the MAC address of the DHCPv6 client.

Usage guidelines

Enable the DHCPv6 relay agent on the interface before executing this command. Otherwise, the command does not take effect.

Examples

# Specify the BAS padding mode for the Interface-ID option on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp relay interface-id bas

# Specify the interface name padding mode for the Interface-ID option on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp relay interface-id interface

# Specify the user MAC padding mode for the Interface-ID option on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp relay interface-id user-mac

ipv6 dhcp relay mac-forward enable

Use ipv6 dhcp relay mac-forward enable to enable MAC address table lookup for DHCPv6 replies that do not have forwarding information on the relay agent.

Use undo ipv6 dhcp relay mac-forward enable to restore the default.

Syntax

ipv6 dhcp relay mac-forward enable [ broadcast ]

undo ipv6 dhcp relay mac-forward enable

Default

The DHCPv6 relay agent discards a DHCPv6 reply if the agent does not have the forwarding information for the reply.

Views

System view

Predefined user roles

network-admin

Parameters

broadcast: Broadcasts DHCPv6 replies out of the interface found in the matching MAC address entry. If you do not specify this keyword, the DHCPv6 relay agent unicasts DHCPv6 replies.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable MAC address table lookup for DHCPv6 replies that do not have forwarding information on the relay agent.

<Sysname> system-view

[Sysname] ipv6 dhcp relay mac-forward enable

Related commands

ipv6 dhcp relay interface-id

ipv6 dhcp relay release-agent

Use ipv6 dhcp relay release-agent to enable IPv6 release notification.

Use undo ipv6 dhcp relay release-agent to restore the default.

Syntax

ipv6 dhcp relay release-agent

undo ipv6 dhcp relay release-agent

Default

IPv6 release notification is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCPv6 relay agent to send a Release message to the DHCPv6 server after it deletes a DHCPv6 relay entry. After the DHCPv6 server receives the message, it reclaims the IPv6 address or prefix and marks the lease as expired.

This command takes effect only after you enable the DHCPv6 relay agent and the recording of DHCPv6 relay entries on the interface.

Examples

# Enable IPv6 release notification on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp select relay

[Sysname-Vlan-interface2] ipv6 dhcp relay client-information record

[Sysname-Vlan-interface2] ipv6 dhcp relay release-agent

ipv6 dhcp relay remote-id duid

Use ipv6 dhcp relay remote-id duid to specify the DUID to be set in Option 37.

Use undo ipv6 dhcp relay remote-id duid to restore the default.

Syntax

ipv6 dhcp relay remote-id duid { ascii ascii-string | hex hex-string }

undo ipv6 dhcp relay remote-id duid

Default

The DHCPv6 relay agent sets its own DUID in Option 37.

Views

Interface view

Predefined user roles

network-admin

Parameters

ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 128 characters.

hex hex-string: Specifies a hexadecimal string of 2 to 128 characters. The string length must be an even number.

Examples

# Configure the DHCPv6 relay agent to set the DUID in Option 37 to FFFFFFFF on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp relay remote-id duid hex ffffffff

Related commands

ipv6 dhcp relay remote-id enable

Use ipv6 dhcp relay remote-id enable to enable the DHCPv6 relay agent to add Option 37 in Relay-forward messages.

Use undo ipv6 dhcp relay remote-id enable to disable the DHCPv6 relay agent from adding Option 37 in Relay-forward messages.

Syntax

ipv6 dhcp relay remote-id enable

undo ipv6 dhcp relay remote-id enable

Default

The DHCPv6 relay agent does not add Option 37 in Relay-forward messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This feature enables the DHCPv6 relay agent to encapsulate Option 37 in the Relay-forward messages sent to DHCPv6 servers. Option 37 provides client location information for DHCPv6 servers to decide the IPv6 address and other settings to be assigned to the requesting client.

The DUID to be set in Option 37 is configurable with the ipv6 dhcp relay remote-id duid command.

For more information about Option 37, see DHCPv6 configuration in Layer 3—IP Services Configuration Guide.

Examples

# Enable the DHCPv6 relay agent to insert Option 37 in Relay-forward messages on VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp relay remote-id enable

Related commands

ipv6 dhcp relay remote-id duid

ipv6 dhcp relay request-from-tunnel discard

Use ipv6 dhcp relay request-from-tunnel discard to configure the DHCPv6 relay agent to discard the DHCPv6 requests received from VXLAN tunnels.

Use undo ipv6 dhcp relay request-from-tunnel discard to restore the default.

Syntax

ipv6 dhcp relay request-from-tunnel discard

undo ipv6 dhcp relay request-from-tunnel discard

Default

The DHCPv6 relay agent forwards the DHCPv6 requests received from VXLAN tunnels.

Views

VXLAN VSI interface view

Predefined user roles

network-admin

Usage guidelines

In a VXLAN network, you can configure the DHCPv6 relay agent feature on the VSI interfaces of a VTEP.

When the DHCPv6 relay agent receives a DHCPv6 request from an AC mapped to a relay VSI interface, the relay agent forwards this request to the DHCPv6 servers and broadcasts this request to other VTEPs. If those VTEPs also function as DHCPv6 relay agents, they will forward the DHCPv6 request to the DHCPv6 servers connected to them. To prevent a DHCPv6 server from receiving duplicate DHCPv6 requests from different VTEPs, execute this command on the VSI interfaces of the VTEPs that are not directly connected to DHCPv6 clients.

Examples

# On VSI-interface 1, configure the DHCPv6 relay agent to discard the DHCPv6 requests received from VXLAN tunnels.

<Sysname> system-view

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] ipv6 dhcp relay request-from-tunnel discard

ipv6 dhcp relay server-address

Use ipv6 dhcp relay server-address to specify a DHCPv6 server on the DHCPv6 relay agent.

Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses.

Syntax

ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] [ public | vpn-instance vpn-instance-name ]

undo ipv6 dhcp relay server-address [ ipv6-address [ interface interface-type interface-number ] [ public | vpn-instance vpn-instance-name ] ]

Default

No DHCPv6 server address is specified on the DHCPv6 relay agent.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of a DHCPv6 server.

interface interface-type interface-number: Specifies an output interface through which the relay agent forwards the DHCPv6 requests to the DHCPv6 server. If you do not specify an output interface, the relay agent looks up the routing table for an output interface.

public: Specifies that the DHCPv6 server is on the public network. If you do not specify this keyword, whether the DHCPv6 server is on the public network or in the VPN depends on the DHCPv6 client location.

vpn-instance vpn-instance-name: Specifies the name of the MPLS L3VPN instance to which the DHCPv6 server belongs. The instance name is a case-sensitive string of 1 to 31 characters. If you do not specify this option, whether the DHCPv6 server is on the public network or in the VPN depends on the DHCPv6 client location.

Usage guidelines

Upon receiving a request from a DHCPv6 client, the interface encapsulates the request into a Relay-forward message and forwards the message to the specified DHCPv6 server.

You can specify a maximum of eight DHCPv6 servers on an interface. The DHCPv6 relay agent forwards DHCPv6 requests to all the specified DHCPv6 servers.

If the DHCPv6 server address is a link-local address or multicast address, you must specify an output interface. If you do not specify an output interface, DHCPv6 packets might fail to reach the DHCPv6 server.

If you specify an MPLS L3VPN, the DHCPv6 relay agent forwards DHCPv6 requests to the DHCPv6 server in this VPN.

If you do not specify an IPv6 address, the undo ipv6 dhcp relay server-address command removes all DHCPv6 server addresses specified on the interface.

Do not enable the DHCPv6 client and the DHCPv6 relay agent on the same interface.

Examples

# Enable the DHCPv6 relay agent on VLAN-interface 2 and specify the DHCPv6 server address 2001:1::3.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp select relay

[Sysname-Vlan-interface2] ipv6 dhcp relay server-address 2001:1::3

Related commands

display ipv6 dhcp relay server-address

ipv6 dhcp select

ipv6 dhcp relay source-address

Use ipv6 dhcp relay source-address to specify the source IPv6 address for relayed DHCPv6 requests.

Use undo ipv6 dhcp relay source-address to restore the default.

Syntax

ipv6 dhcp relay source-address { ipv6-address | interface interface-type interface-number }

undo ipv6 dhcp relay source-address

Default

The DHCPv6 relay agent uses the IPv6 global unicast address of the interface that connects to the DHCPv6 server as the source IPv6 address for relayed DHCPv6 requests.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies a source IPv6 address.

interface interface-type interface-number: Uses the IPv6 address of an interface as the source IPv6 address. The interface-type interface-number arguments specify an interface by its type and number.

Usage guidelines

This command is required if a relay interface does not have routes to DHCPv6 servers. You can specify a global unicast address or the IPv6 address of another interface (typically the loopback interface) as the source IPv6 address for DHCPv6 requests. The relay interface inserts the source IPv6 address in the source IPv6 address field of DHCPv6 requests.

If the specified interface does not have a global unicast IPv6 address, the IPv6 address of the output interface is used as the source address for relayed DHCPv6 requests.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify 10::1 as the source IPv6 address for relayed DHCPv6 requests on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp relay source-address 10::1

ipv6 dhcp smart-relay

Use ipv6 dhcp smart-relay to configure smart relay on a DHCPv6 relay interface.

Use undo ipv6 dhcp smart-relay to restore the default.

Syntax

ipv6 dhcp smart-relay { count count | time seconds } *

undo ipv6 dhcp smart-relay { count | time } *

Default

DHCPv6 smart relay changes the link address in the Relay-forward message sent for a client when the following conditions are met:

· That link address has been used in a minimum of three Relay-forward messages sent to forward the Solicit message from a client.

· A minimum of 24 seconds has elapsed since the first Relay-forward message was sent with that link address.

Views

Interface view

Predefined user roles

network-admin

Parameters

count count: Sets the message count-based link address change trigger. It is the minimum number of Relay-forward messages sent with a particular link address to forward Solicit messages from a client. The value range for the count argument is 1 to 10.

time seconds: Sets the time-based link address change trigger. It is the minimum amount of time that has elapsed since the first Relay-forward message was sent with a particular link address. The value range for the seconds argument is 0 to 60 seconds. Set this trigger to 0 if you only need to use the message count-based link address change trigger to control link address changes.

Usage guidelines

If you enable both of the triggers, DHCPv6 smart relay agent changes the link address when both of the following conditions are met:

· The number of Relay-forward messages sent with that link address for the client has reached the limit.

· The minimum amount of time has elapsed since the first Relay-forward message was sent with that link address.

Set the triggers depending on the link performance of the relay interface. On a slow link, increase the values for the triggers.

Examples

# Configure DHCPv6 smart relay on interface VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp smart-relay count 5 time 30

ipv6 dhcp smart-relay enable

Use ipv6 dhcp smart-relay enable to enable smart relay on a DHCPv6 relay interface.

Use undo ipv6 dhcp smart-relay enable to disable smart relay on a DHCPv6 relay interface.

Syntax

ipv6 dhcp smart-relay enable

undo ipv6 dhcp smart-relay enable

Default

Smart relay is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Smart relay enables address acquisition for clients from multiple subnets if they are attached to a relay interface that has multiple global unicast addresses.

With smart relay disabled on a relay interface, the DHCPv6 relay agent uses only the first global unicast address on the relay interface to forward Solicit messages.

With smart relay enabled on a relay interface, the DHCPv6 relay agent selects an address from all global unicast addresses on the relay interface to forward Solicit messages. The selection is performed in a round-robin manner, starting from the lowest global unicast address.

For more information about the working mechanism of DHCPv6 smart relay, see the configuration guide.

Examples

# Enable smart relay on interface VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp smart-relay enable

remote-server

Use remote-server to specify DHCPv6 servers for a DHCPv6 address pool.

Use undo remote-server to remove DHCPv6 servers from a DHCPv6 address pool.

Syntax

remote-server ipv6-address [ interface interface-type interface-number ]

undo remote-server [ ipv6-address [ interface interface-type interface-number ] ]

Default

No DHCPv6 server is specified for the DHCPv6 address pool.

Views

DHCPv6 address pool view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies a DHCPv6 server address.

interface interface-type interface-number: Specifies the outgoing interface by its type and number for the DHCPv6 relay agent to forward packets to the DHCPv6 server. If you do not specify an outgoing interface, the DHCPv6 relay agent performs a routing table lookup.

Usage guidelines

You can specify a maximum of eight DHCPv6 servers in one DHCPv6 address pool.

If you do not specify any parameters, the undo remote-server command removes all DHCPv6 servers in the DHCPv6 address pool.

If a DHCPv6 server address is a link-local address, you must specify an outgoing interface by using the interface keyword in this command. If you do not specify an outgoing interface, DHCPv6 packets might fail to reach the DHCPv6 server.

Examples

# Specify DHCPv6 server 10::1 for DHCPv6 address pool 0.

<Sysname> system-view

[Sysname] ipv6 dhcp pool 0

[Sysname-dhcp6-pool-0] remote-server 10::1

reset ipv6 dhcp relay client-information address

Use reset ipv6 dhcp relay client-information address to clear DHCPv6 relay entries that record clients' IPv6 address information.

Syntax

reset ipv6 dhcp relay client-information address [ interface interface-type interface-number | ipv6 ipv6-address ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears DHCPv6 relay entries that record clients' IPv6 address information on all interfaces enabled with DHCPv6 relay agent.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command clears DHCPv6 relay entries for all IPv6 addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DHCPv6 relay entries that record clients' IPv6 address information for the public network.

Usage guidelines

To enable the DHCPv6 relay agent to send a Release message to the DHCPv6 server after it deletes a DHCPv6 relay entry, execute the ipv6 dhcp relay release-agent command.

Examples

# Clear all DHCPv6 relay entries that record clients' IPv6 address information.

<Sysname> reset ipv6 dhcp relay client-information address

Related commands

display ipv6 dhcp relay client-information address

ipv6 dhcp relay client-information record

reset ipv6 dhcp relay client-information pd

Use reset ipv6 dhcp relay client-information pd to clear DHCPv6 relay entries that record clients' IPv6 prefix information.

Syntax

reset ipv6 dhcp relay client-information pd [ interface interface-type interface-number | prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears DHCPv6 relay entries that record clients' IPv6 prefix information on all interfaces enabled with DHCPv6 relay agent.

prefix prefix/prefix-len: Specifies an IPv6 prefix with its length. The value range for the prefix-len argument is 1 to 128. If you do not specify an IPv6 prefix, this command clears DHCPv6 relay entries for all IPv6 prefixes.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DHCPv6 relay entries that record clients' IPv6 prefix information for the public network.

Examples

# Clear all DHCPv6 relay entries that record clients' IPv6 prefix information.

<Sysname> reset ipv6 dhcp relay client-information pd

Related commands

display ipv6 dhcp relay client-information pd

ipv6 dhcp relay client-information record

reset ipv6 dhcp relay statistics

Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent.

Syntax

reset ipv6 dhcp relay statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all relay agent statistics.

Examples

# Clear packet statistics on the DHCPv6 relay agent.

<Sysname> reset ipv6 dhcp relay statistics

Related commands

display ipv6 dhcp relay statistics

DHCPv6 client commands

display ipv6 dhcp client

Use display ipv6 dhcp client to display DHCPv6 client information.

Syntax

display ipv6 dhcp client [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about all DHCPv6 clients.

Examples

# Display the DHCPv6 client information on VLAN-interface 2.

<Sysname> display ipv6 dhcp client interface vlan-interface 2

Vlan-interface2:

Type: Stateful client requesting address and prefix

State: OPEN

Client DUID: 0003000100e002000000

Preferred server:

Reachable via address: FE80::2E0:1FF:FE00:18

Server DUID: 0003000100e001000000

IA_NA: IAID 0x00000642, T1 50 sec, T2 80 sec

Address: 1:1::2/128

Preferred lifetime 100 sec, valid lifetime 200 sec

Will expire on Feb 4 2014 at 15:37:20(288 seconds left)

IA_PD: IAID 0x00000642, T1 50 sec, T2 80 sec

Prefix: 12:34::/48

Preferred lifetime 100 sec, valid lifetime 200 sec

Will expire on Mar 27 2014 at 08:13:24 (199 seconds left)

DNS server addresses:

2:2::3

Domain name:

aaa.example.com

SIP server addresses:

2:2::4

SIP server domain names:

bbb.example.com

Options:

Code: 88

Length: 3 bytes

Hex: AABBCC

Table 16 Command output

Field	Description
Type	Types of DHCPv6 client: · Stateful client requesting address—A DHCPv6 client that requests an IPv6 address. · Stateful client requesting prefix—A DHCPv6 client that requests an IPv6 prefix. · Stateful client requesting address and prefix—A DHCPv6 client that requests an IPv6 address and prefix. · Stateless client—A DHCPv6 client that requests configuration parameters other than an IPv6 address and prefix through stateless DHCPv6.
State	Current state of the DHCPv6 client: · IDLE—The client is in idle state. · SOLICIT—The client is locating a DHCPv6 server. · REQUEST—The client is requesting an IPv6 address or prefix. · OPEN—The client has obtained an IPv6 address or prefix. · RENEW—The client is extending the lease (after T1 and before T2). · REBIND—The client is extending the lease (after T2 and before the lease expires). · RELEASE—The client is releasing an IPv6 address or prefix. · DECLINE—The client is declining an IPv6 address or prefix because of an address or prefix conflict. · INFO-REQUESTING—The client is requesting configuration parameters through stateless DHCPv6.
Client DUID	DUID of the DHCPv6 client.
Preferred server	Information about the DHCPv6 server selected by the DHCPv6 client.
Reachable via address	Reachable address for the DHCPv6 client. It is the link local address of the DHCPv6 server or DHCPv6 relay agent.
Server DUID	DUID of the DHCPv6 server.
IA_NA	IA_NA information.
IA_PD	IA_PD information.
IAID	IA identifier.
T1	T1 value in seconds.
T2	T2 value in seconds.
Address	IPv6 address obtained. This field is displayed only when the DHCPv6 client type is Stateful client requesting address.
Prefix	IPv6 prefix obtained. This field is displayed only when the DHCPv6 client type is Stateful client requesting prefix.
Preferred lifetime	Preferred lifetime in seconds.
valid lifetime	Valid lifetime in seconds.
Will expire on Feb 4 2014 at 15:37:20 (288 seconds left)	Time when the lease expires and the remaining time of the lease. If the lease expires after the year 2100, this field displays Will expire after 2100.
DNS server addresses	IPv6 address of the DNS server.
Domain name	Domain name suffix.
SIP server addresses	IPv6 address of the SIP server.
SIP server domain names	Domain name of the SIP server.
Options	Self-defined options.
Code	Code of the self-defined option.
Length	Self-defined option length in bytes.
Hex	Self-defined option content represented by a hexadecimal number.

Related commands

ipv6 address dhcp-alloc

ipv6 dhcp client duid

ipv6 dhcp client pd

display ipv6 dhcp client statistics

Use display ipv6 dhcp client statistics to display DHCPv6 client statistics.

Syntax

display ipv6 dhcp client statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays statistics for all DHCPv6 clients.

Examples

# Display DHCPv6 client statistics on VLAN-interface 2.

<Sysname> display ipv6 dhcp client statistics interface vlan-interface 2

Interface : Vlan-interface2

Packets received : 1

Reply : 1

Advertise : 0

Reconfigure : 0

Invalid : 0

Packets sent : 5

Solicit : 0

Request : 0

Renew : 0

Rebind : 0

Information-request : 5

Release : 0

Decline : 0

Table 17 Command output

Field	Description
Interface	Interface that acts as the DHCPv6 client.
Packets Received	Number of received packets.
Reply	Number of received reply packets.
Advertise	Number of received advertise packets.
Reconfigure	Number of received reconfigure packets.
Invalid	Number of invalid packets.
Packets sent	Number of sent packets.
Solicit	Number of sent solicit packets.
Request	Number of sent request packets.
Renew	Number of sent renew packets.
Rebind	Number of sent rebind packets.
Information-request	Number of sent information request packets.
Release	Number of sent release packets.
Decline	Number of sent decline packets.

Related commands

reset ipv6 dhcp client statistics

ipv6 address dhcp-alloc

Use ipv6 address dhcp-alloc to configure an interface to use DHCPv6 for IPv6 address acquisition.

Use undo ipv6 address dhcp-alloc to cancel an interface from using DHCPv6, and clear the obtained IPv6 address and other configuration parameters.

Syntax

ipv6 address dhcp-alloc [ option-group option-group-number | rapid-commit ] *

undo ipv6 address dhcp-alloc

Default

An interface does not use DHCPv6 for IPv6 address acquisition.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the configuration parameters, and assigns an ID to the option group. The value range for the ID is 1 to 100. If you do not specify this option, the DHCPv6 client does not create any dynamic DHCPv6 option groups.

rapid-commit: Supports rapid address or prefix assignment.

Examples

# Configure VLAN-interface 10 to use DHCPv6 for IPv6 address acquisition. Configure the DHCPv6 client to support rapid address assignment and create dynamic DHCPv6 option group 1 for the configuration parameters obtained.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 address dhcp-alloc rapid-commit option-group 1

Related commands

display ipv6 dhcp client

ipv6 dhcp client dscp

Use ipv6 dhcp client dscp to set the DSCP value for DHCPv6 packets sent by the DHCPv6 client.

Use undo ipv6 dhcp client dscp to restore the default.

Syntax

ipv6 dhcp client dscp dscp-value

undo ipv6 dhcp client dscp

Default

The DSCP value in DHCPv6 packets is 56.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets the DSCP value for DHCPv6 packets, in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the Traffic class field of a DHCPv6 packet. It specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 client.

<Sysname> system-view

[Sysname] ipv6 dhcp client dscp 30

ipv6 dhcp client duid

Use ipv6 dhcp client duid to configure the DHCPv6 client DUID for an interface.

Use undo ipv6 dhcp client duid to restore the default.

Syntax

ipv6 dhcp client duid { ascii ascii-string | hex hex-string | mac interface-type interface-number }

undo ipv6 dhcp client duid

Default

The interface uses the device bridge MAC address to generate its DHCPv6 client DUID.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 130 characters as the DHCPv6 client DUID.

hex hex-string: Specifies a hexadecimal number of 2 to 260 characters as the DHCPv6 client DUID.

mac interface-type interface-number: Specifies the MAC address of the specified interface as the DHCPv6 client DUID. The interface-type interface-number arguments specify an interface by its type and number.

Usage guidelines

A DHCPv6 client pads its DUID into the Option 1 of the DHCPv6 packet that it sends to the DHCPv6 server. The DHCPv6 server can assign specific IPv6 addresses or prefixes to DHCPv6 clients with specific DUIDs.

The DUID of a DHCPv6 client is the globally unique identifier of the client, so make sure the DUID that you configure is unique.

Examples

# Specify the hexadecimal number FFFFFFFF as the DHCPv6 client DUID for VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp client duid hex ffffffff

Related commands

display ipv6 dhcp client

ipv6 dhcp client pd

Use ipv6 dhcp client pd to configure an interface to use DHCPv6 for IPv6 prefix acquisition.

Use undo ipv6 dhcp client pd to cancel an interface from using DHCPv6, and clear the obtained IPv6 prefix and other configuration parameters.

Syntax

ipv6 dhcp client pd prefix-number [ option-group option-group-number | rapid-commit ]*

undo ipv6 dhcp client pd

Default

An interface does not use DHCPv6 for IPv6 prefix acquisition.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix, the client assigns the ID to the IPv6 prefix.

rapid-commit: Supports rapid address or prefix assignment.

Examples

# Configure VLAN-interface10 to use DHCPv6 for IPv6 prefix acquisition. Specify IDs for the dynamic IPv6 prefix and dynamic DHCPv6 option group, and configure the client to support rapid prefix assignment.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp client pd 1 rapid-commit option-group 1

Related commands

display ipv6 dhcp client

ipv6 dhcp client stateful

Use ipv6 dhcp client stateful to configure an interface to use DHCPv6 for IPv6 address and prefix acquisition.

Use undo ipv6 dhcp client stateful to cancel an interface from using DHCPv6, and clear the obtained IPv6 address, prefix, and other configuration parameters.

Syntax

ipv6 dhcp client stateful prefix prefix-number [ option-group option-group-number | rapid-commit ] *

undo ipv6 dhcp client stateful

Default

An interface does not use DHCPv6 for IPv6 address and prefix acquisition.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

prefix prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix, the client assigns the ID to the IPv6 prefix.

rapid-commit: Supports rapid address and prefix assignment.

Usage guidelines

The ipv6 dhcp client stateful command takes effect if it is configured with the ipv6 address dhcp-alloc and ipv6 dhcp client pd commands on an interface. You must execute the undo ipv6 dhcp client stateful command to have the ipv6 address dhcp-alloc and ipv6 dhcp client pd commands take effect.

Examples

# Configure VLAN-interface 10 to use DHCPv6 for IPv6 address and prefix acquisition. Specify IDs for the dynamic IPv6 prefix and dynamic DHCPv6 option group, and configure the client to support rapid address and prefix assignment.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ipv6 dhcp client stateful prefix 1 rapid-commit option-group 1

Related commands

ipv6 address dhcp-alloc

ipv6 dhcp client pd

ipv6 dhcp client stateless enable

Use ipv6 dhcp client stateless enable to enable stateless DHCPv6.

Use undo ipv6 dhcp client stateless enable to disable stateless DHCPv6.

Syntax

ipv6 dhcp client stateless enable

undo ipv6 dhcp client stateless enable

Default

Stateless DHCPv6 is disabled.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

Stateless DHCPv6 enables the interface to send an Information-request message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents for configuration parameters.

Examples

# Enable stateless DHCPv6 on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 dhcp client stateless enable

reset ipv6 dhcp client statistics

Use reset ipv6 dhcp client statistics to clear DHCPv6 client statistics.

Syntax

reset ipv6 dhcp client statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all DHCPv6 client statistics.

Examples

# Clear all DHCPv6 client statistics.

<Sysname> reset ipv6 dhcp client statistics

Related commands

display ipv6 dhcp client statistics

DHCPv6 snooping commands

DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and DHCPv6 the relay agent. DHCPv6 snooping does not work between the DHCPv6 server and the DHCPv6 relay agent.

display ipv6 dhcp snooping binding

Use display ipv6 dhcp snooping binding to display DHCPv6 snooping address entries.

Syntax

display ipv6 dhcp snooping binding [ address ipv6-address [ vlan vlan-id ] | interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

address ipv6-address: Displays the DHCPv6 snooping entry for the specified IPv6 address.

vlan vlan-id: Specifies the ID of the VLAN where the IPv6 address resides.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 snooping entry information for all interfaces.

Usage guidelines

If you do not specify any parameters, this command displays all DHCPv6 snooping address entries.

Examples

# Display all DHCPv6 snooping address entries.

<Sysname> display ipv6 dhcp snooping binding

1 DHCPv6 snooping entries found.

IPv6 address MAC address Lease VLAN SVLAN Interface

================ ============== =========== ==== ===== ========================

2::1 00e0-fc00-0006 54 2 N/A Ten-GigabitEthernet1/0/1

Table 18 Command output

Field	Description
IPv6 Address	IPv6 address assigned to the DHCPv6 client.
MAC Address	MAC address of the DHCPv6 client.
Lease	Remaining lease duration in seconds.
VLAN	When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides.
SVLAN	When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A.
Interface	Port connecting to the DHCPv6 client.

Related commands

ipv6 dhcp snooping binding record

reset ipv6 dhcp snooping binding

display ipv6 dhcp snooping binding database

Use display ipv6 dhcp snooping binding database to display information about DHCPv6 snooping entry auto backup.

Syntax

display ipv6 dhcp snooping binding database

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about DHCPv6 snooping entry auto backup.

<Sysname> display ipv6 dhcp snooping binding database

File name : database.dhcp

Username :

Password :

Update interval : 600 seconds

Latest write time : Feb 27 18:48:04 2012

Status : Last write succeeded.

Table 19 Command output

Field	Description
File name	Name of the DHCPv6 snooping entry backup file.
Username	Username for accessing the URL of the remote backup file.
Password	Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured.
Update interval	Waiting time in seconds after a DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file.
Latest write time	Time of the latest update.
Status	Status of the update: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated.

display ipv6 dhcp snooping m-lag-statistics

Use display ipv6 dhcp snooping m-lag-statistics to display statistics about the packets exchanged between M-LAG member devices for DHCPv6 snooping entry synchronization.

Syntax

display ipv6 dhcp snooping m-lag-statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command displays statistics about the packets exchanged between M-LAG primary and secondary devices for DHCPv6 snooping entry synchronization, including synchronization times and the number of synchronized DHCPv6 snooping entries.

Bringing up an M-LAG peer-link interface triggers entry synchronization from the primary device to the secondary device.

Examples

# On the primary device, display statistics about the packets exchanged between M-LAG member devices for DHCPv6 snooping entry synchronization.

<Sysname> display ipv6 dhcp snooping m-lag-statistics

Send Statistics:

Sync start number : 1

Binding valid records addr : 2

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 1

Sync start number : 2

Binding valid records addr : 2

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 2

Sync start number : 3

Binding valid records addr : 1

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 3

# On the secondary device, display statistics about the packets exchanged between M-LAG member devices for DHCPv6 snooping entry synchronization.

<Sysname> display ipv6 dhcp snooping m-lag-statistics

Recv Statistics:

Sync start number : 1

Binding valid records addr : 2

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 1

Sync start number : 2

Binding valid records addr : 2

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 2

Sync start number : 3

Binding valid records addr : 1

Binding valid records pd : 2

Sync end abnormal : NO

Sync end number : 3

Table 20 Command output

Field	Description
Send Statistics	Statistics about sent packets.
Recv Statistics	Statistics about received packets.
Sync start number	Synchronization start number.
Binding valid records addr	Number of valid DHCPv6 snooping address entries that have been synchronized.
Binding valid records pd	Number of valid DHCPv6 snooping prefix entries that have been synchronized.
Sync end abnormal	Whether bulk backup ended abnormally: · NO—Bulk backup ended normally. · YES—Bulk backup ended abnormally.
Sync end number	Synchronization end number.

Related commands

reset ipv6 dhcp snooping m-lag-statistics

display ipv6 dhcp snooping m-lag-status

Use display ipv6 dhcp snooping m-lag-status to display M-LAG status information.

Syntax

display ipv6 dhcp snooping m-lag-status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display M-LAG status information.

<Sysname> display ipv6 dhcp snooping m-lag-status

M-LAG role : Secondary

Peer-link/Peer-link Index : Bridge-Aggregation3/1297

Peer-link State : UP

M-LAG interface/M-LAG group ID : Bridge-Aggregation4/4

Local M-LAG interface state : UP

Peer M-LAG interface state : UP

M-LAG interface/M-LAG group ID : Bridge-Aggregation5/5

Local M-LAG interface state : UP

Table 21 Command output

Field	Description
Configured role	M-LAG member device role: · Primary. · Secondary. If the device state is unknown, this field displays None.
Peer-link/Peer-link Index	Peer-link interface name or peer-link interface index.
Peer-link State	Physical status of the peer-link interface, up or down.
M-LAG interface/M-LAG group ID	M-LAG interface name/M-LAG group ID.
Local M-LAG interface state	Status of the local M-LAG interface: · UP—The M-LAG interface is up if it has Selected ports in its aggregation group. · DOWN—The M-LAG interface is down if it does not have Selected ports in its aggregation group.
Peer M-LAG interface state	Status of the peer M-LAG interface: · UP—The M-LAG interface is up if it has Selected ports in its aggregation group. · DOWN—The M-LAG interface is down if it does not have Selected ports in its aggregation group. · UNKNOWN—The M-LAG interface is in unknown state when the peer-link interface is down.

‌

display ipv6 dhcp snooping packet statistics

Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for DHCPv6 snooping.

Syntax

display ipv6 dhcp snooping packet statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays DHCPv6 packet statistics for the master device.

Examples

# Display DHCPv6 packet statistics for DHCPv6 snooping.

<Sysname> display ipv6 dhcp snooping packet statistics

DHCPv6 packets received : 100

DHCPv6 packets sent : 200

Invalid DHCPv6 packets dropped : 0

Related commands

reset ipv6 dhcp snooping packet statistics

display ipv6 dhcp snooping pd binding

Use display ipv6 dhcp snooping pd binding to display DHCPv6 snooping prefix entries.

Syntax

display ipv6 dhcp snooping pd binding [ interface interface-type interface-number | prefix prefix/prefix-length [ vlan vlan-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCPv6 snooping prefix entry information for all interfaces.

prefix prefix/prefix-length: Specifies an IPv6 prefix with its length. The value range for the prefix-length argument is 1 to 128.

vlan vlan-id: Specifies the ID of the VLAN where the IPv6 prefix resides. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

This command takes effect only after you execute the ipv6 dhcp snooping pd binding record command on the port directly connecting to the clients.

If you do not specify any parameters, this command displays all DHCPv6 snooping prefix entries.

Examples

# Display all DHCPv6 snooping prefix entries.

<Sysname> display ipv6 dhcp snooping pd binding

1 DHCPv6 snooping PD entries found.

IPv6 prefix Lease VLAN SVLAN Interface

================ =========== ==== ===== ========================

1:2::/64 54 2 N/A Ten-GigabitEthernet1/0/1

Table 22 Command output

Field	Description
n DHCPv6 snooping PD entries found.	Total number of DHCPv6 snooping prefix entries.
IPv6 prefix	IPv6 prefix assigned to the DHCPv6 client.
Lease	Remaining lease duration in seconds.
VLAN	When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides.
SVLAN	When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A.
Interface	Port connecting to the DHCPv6 client.

Related commands

ipv6 dhcp snooping pd binding record

reset ipv6 dhcp snooping pd binding

display ipv6 dhcp snooping trust

Use display ipv6 dhcp snooping trust to display information about trusted ports.

Syntax

display ipv6 dhcp snooping trust

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about trusted ports.

<Sysname> display ipv6 dhcp snooping trust

DHCPv6 snooping is enabled.

Interface Trusted VLAN

============================ ============ =======

XGE1/0/1 - 100

VSI name Tunnel trusted

============================ ============

a Trusted

AC Trusted

============================ ============

XGE1/0/1 srv 1 Trusted

Table 23 Command output

Field	Description
Interface	Interface name.
Trusted	Trusted port specified in global DHCPv6 snooping configuration. If the trusted port is specified in VLAN-based DHCPv6 snooping configuration, this field displays a hyphen (-).
VLAN	VLAN to which the trusted port belongs. If the trusted port is specified in global DHCPv6 snooping configuration, this field displays a hyphen (-).
VSI name	VSI name of the VXLAN tunnel interface. This field is available when you configure the tunnel interface assigned to the VSI as a DHCPv6 snooping trusted interface by using the ipv6 dhcp snooping trust tunnel command.
Tunnel trusted	Trusted tunnel interface specified in VXLAN-based DHCPv6 snooping configuration.
AC	AC name, which is indicated by the interface name and Ethernet service instance name. This field is available when you configure the AC as the DHCPv6 snooping trusted interface by using the ipv6 dhcp snooping trust command in Ethernet service instance view.
Trusted	Trusted AC specified in VXLAN-based DHCPv6 snooping configuration.

‌

Related commands

ipv6 dhcp snooping trust

ipv6 dhcp snooping trust tunnel

ipv6 dhcp snooping alarm enable

Use ipv6 dhcp snooping alarm enable to enable the packet drop alarm.

Use undo ipv6 dhcp snooping alarm enable to disable the packet drop alarm.

Syntax

ipv6 dhcp snooping alarm { relay-forward | request-message } enable

undo ipv6 dhcp snooping alarm { relay-forward | request-message } enable

Default

The packet drop alarm is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

relay-forward: Specifies Relay-Forward check.

request-message: Specifies DHCPv6-REQUEST check.

Usage guidelines

After you enable the packet drop alarm for a feature, the device generates an alarm log when the number of packets dropped by this feature reaches or exceeds the threshold. The alarm log is sent to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

To set the alarm threshold, use the ipv6 dhcp snooping alarm threshold command.

For this command to take effect, you must first execute the ipv6 dhcp snooping log enable command to enable DHCPv6 snooping logging.

Examples

# Enable the packet drop alarm for Relay-Forward check.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping alarm relay-forward enable

Related commands

ipv6 dhcp snooping alarm threshold

ipv6 dhcp snooping check relay-forward

ipv6 dhcp snooping check request-message

ipv6 dhcp snooping log enable

ipv6 dhcp snooping alarm threshold

Use ipv6 dhcp snooping alarm threshold to set a packet drop alarm threshold.

Use undo ipv6 dhcp snooping alarm threshold to restore the default.

Syntax

ipv6 dhcp snooping alarm { relay-forward | request-message } threshold threshold

undo ipv6 dhcp snooping alarm { relay-forward | request-message } threshold

Default

The packet drop alarm threshold is 100.

Views

System view

Predefined user roles

network-admin

Parameters

relay-forward: Specifies Relay-Forward check.

request-message: Specifies DHCPv6-REQUEST check.

threshold: Specifies the number of dropped packets that trigger a packet drop alarm. The value range is 1 to 1000.

Usage guidelines

The device generates an alarm log when the number of packets dropped due to the check failure reaches or exceeds the alarm threshold.

Examples

# Set the packet alarm threshold to 2 for Relay-Forward check.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping alarm relay-forward threshold 2

Related commands

ipv6 dhcp snooping alarm enable

ipv6 dhcp snooping check relay-forward

ipv6 dhcp snooping check request-message

ipv6 dhcp snooping binding database filename

Use ipv6 dhcp snooping binding database filename to configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to a file.

Use undo ipv6 dhcp snooping binding database filename to disable the auto backup and remove the backup file.

Syntax

ipv6 dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }

undo ipv6 dhcp snooping binding database filename

Default

The DHCPv6 snooping device does not back up DHCPv6 snooping entries.

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.

url url: Specifies the URL of a remote backup file. The URL is a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. The supported path format type varies by server.

username username: Specifies the username for accessing the URL of the remote backup file. The username is a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

This command automatically creates the file if you specify a nonexistent file.

With this command executed, the DHCPv6 snooping device backs up its snooping entries immediately and runs auto backup. The snooping device, by default, waits 300 seconds after a DHCPv6 snooping entry change to update the backup file. You can use the ipv6 dhcp snooping binding database update interval command to change the waiting time. If no DHCPv6 snooping entry changes, the backup file is not updated.

As a best practice, back up the DHCPv6 snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCPv6 snooping device malfunction.

When the file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:

· If the file is on a TFTP server, enter URL in the format of tftp://server address:port/file path, where the port number is optional.

· If the file is on an FTP server, enter URL in the format of ftp://server address:port/file path, where the port number is optional.

· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.

· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.

Examples

# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping binding database filename database.dhcp

# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the FTP server at 1::1.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping binding database filename url ftp://[1::1]/database.dhcp username 1 password simple 1

# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the TFTP server at 2::1.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping binding database filename url tftp://[2::1]/database.dhcp

Related commands

ipv6 dhcp snooping binding database update interval

Use ipv6 dhcp snooping binding database update interval to set the waiting time for the DHCPv6 snooping device to update the backup file after a DHCPv6 snooping entry change.

Use undo ipv6 dhcp snooping binding database update interval to restore the default.

Syntax

ipv6 dhcp snooping binding database update interval interval

undo ipv6 dhcp snooping binding database update interval

Default

The DHCPv6 snooping device waits 300 seconds to update the backup file after a DHCPv6 snooping entry change. If no DHCPv6 snooping entry changes, the backup file is not updated.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Sets the waiting time in seconds, in the range of 60 to 864000.

Usage guidelines

When a DHCPv6 snooping entry is learned, updated, or removed, the waiting period starts. The DHCPv6 snooping device updates the backup file when the waiting period is reached. All snooping entries changed during the period will be saved to the backup file.

The waiting time takes effect only after you configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command.

Examples

# Set the waiting time to 600 seconds for the DHCPv6 snooping device to update the backup file.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping binding database update interval 600

Related commands

ipv6 dhcp snooping binding database filename

ipv6 dhcp snooping binding database update now

Use ipv6 dhcp snooping binding database update now to manually save DHCPv6 snooping entries to the backup file.

Syntax

ipv6 dhcp snooping binding database update now

Views

System view

Predefined user roles

network-admin

Usage guidelines

Each time this command is executed, the DHCPv6 snooping entries are saved to the backup file.

This command takes effect only after you configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command.

Examples

# Manually save DHCPv6 snooping entries to the backup file.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping binding database update now

Related commands

ipv6 dhcp snooping binding database filename

ipv6 dhcp snooping binding record

Use ipv6 dhcp snooping binding record to enable recording DHCPv6 snooping address entries.

Use undo ipv6 dhcp snooping binding record to disable recording DHCPv6 snooping address entries.

Syntax

ipv6 dhcp snooping binding record

undo ipv6 dhcp snooping binding record

Default

Recording of DHCPv6 snooping address entries is disabled.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

VSI view

VLAN view

Predefined user roles

network-admin

Usage guidelines

You can configure this command on the ports that are directly connected to the DHCPv6 clients.

This command enables DHCPv6 snooping to record IP-to-MAC information of the DHCPv6 clients (called DHCPv6 snooping address entries).

If you configure this command in a VSI view, it takes effect on the ACs that are mapped to the VSI and the VXLAN tunnel interfaces that are assigned to the VSI.

Examples

# Enable recording DHCPv6 snooping address entries on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping binding record

ipv6 dhcp snooping check relay-forward

Use ipv6 dhcp snooping check relay-forward to enable the Relay-Forward packet check.

Use undo ipv6 dhcp snooping check relay-forward to disable the Relay-Forward packet check.

Syntax

ipv6 dhcp snooping check relay-forward

undo ipv6 dhcp snooping check relay-forward

Default

The Relay-Forward packet check is disabled.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

A DHCPv6 snooping device functions between DHCPv6 clients and a DHCPv6 server, or between DHCPv6 clients and a DHCPv6 relay agent. When a DHCPv6 relay agent receives a DHCPv6 request, it generates a Relay-Forward packet, adds client information to Option 79, and then forwards the packet to the DHCPv6 server. If the DHCPv6 snooping device receives a Relay-Forward packet, it indicates that the DHCPv6 snooping device location is not correct. In this case, the DHCPv6 snooping device cannot work correctly.

This feature enables the DHCPv6 snooping device to drop Relay-Forward packets. When the number of dropped Relay-Forward packets reaches or exceeds the threshold, the device generates a log for administrators to adjust locations of the DHCPv6 devices.

Examples

# Enable the Relay-Forward packet check on Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping check relay-forward

Related commands

ipv6 dhcp snooping alarm enable

ipv6 dhcp snooping alarm threshold

ipv6 dhcp snooping check request-message

Use ipv6 dhcp snooping check request-message to enable the DHCPv6-REQUEST check feature.

Use undo ipv6 dhcp snooping check request-message to disable the DHCPv6-REQUEST check feature.

Syntax

ipv6 dhcp snooping check request-message

undo ipv6 dhcp snooping check request-message

Default

The DHCPv6-REQUEST check feature is disabled.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The feature enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-REBIND, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.

· If any criterion in an entry is matched, the device compares the entry with the message information.

¡ If they are consistent, the device considers the message valid and forwards it to the DHCPv6 server.

¡ If they are different, the device considers the message forged and discards it.

· If no matching entry is found, the device forwards the message to the DHCPv6 server.

Examples

# Enable DHCPv6-REQUEST check.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping check request-message

Related commands

ipv6 dhcp snooping alarm enable

ipv6 dhcp snooping alarm threshold

ipv6 dhcp snooping client-detect

Use ipv6 dhcp snooping client-detect to enable client offline detection.

Use undo ipv6 dhcp snooping client-detect to disable client offline detection.

Syntax

ipv6 dhcp snooping client-detect

undo ipv6 dhcp snooping client-detect

Default

Client offline detection is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When a DHCPv6 client goes offline abnormally, it does not send a message to the DHCPv6 server to release the IPv6 address or prefix. As a result, the DHCPv6 server is not aware of the offline event and cannot release the address or prefix lease of the client in a timely manner.

With this feature enabled, the DHCPv6 snooping device performs the following operations when the ND entry of a client ages out:

1. Deletes the DHCPv6 snooping entry for the client.

2. Sends a release message to the DHCPv6 server to inform the server to release the address or prefix lease of the client.

Examples

# Enable client offline detection.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping client-detect

ipv6 dhcp snooping deny

Use ipv6 dhcp snooping deny to configure a port as DHCPv6 packet blocking port.

Use undo ipv6 dhcp snooping deny to restore the default.

Syntax

ipv6 dhcp snooping deny

undo ipv6 dhcp snooping deny

Default

A port does not block DHCPv6 requests.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

To avoid IPv6 address and prefix acquisition failure, configure a port to block DHCPv6 packets only if no DHCPv6 clients are connected to it.

To enable a port on the snooping device to drop all incoming DHCPv6 requests, configure that port as a DHCPv6 packet blocking port.

Examples

# Configure Ten-GigabitEthernet 1/0/1 as a DHCPv6 packet blocking port.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping deny

ipv6 dhcp snooping disable

Use ipv6 dhcp snooping disable to disable DHCPv6 snooping.

Use undo ipv6 dhcp snooping disable to restore the default.

Syntax

ipv6 dhcp snooping disable

undo ipv6 dhcp snooping disable

Default

If you enable DHCPv6 snooping globally or for a VLAN, DHCPv6 snooping is enabled on all interfaces on the device or on all interfaces in the VLAN.

If you do not enable DHCPv6 snooping globally or for a VLAN, DHCPv6 snooping is disabled on all interfaces on the device or on all interfaces in the VLAN.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This command allows you to narrow down the interface range where DHCPv6 snooping takes effect. For example, to enable DHCPv6 snooping globally except for a specific interface, you can enable DHCPv6 snooping globally and execute this command on the target interface.

Examples

# Disable DHCPv6 snooping on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping disable

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping enable vlan

ipv6 dhcp snooping enable

Use ipv6 dhcp snooping enable to enable DHCPv6 snooping.

Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping.

Syntax

ipv6 dhcp snooping enable

undo ipv6 dhcp snooping enable

Default

DHCPv6 snooping is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use the DHCPv6 snooping feature together with trusted port configuration. Trusted ports forward responses from DHCPv6 servers and untrusted ports discard responses from DHCPv6 servers. This mechanism ensures that DHCPv6 clients obtain IPv6 addresses or prefixes from authorized DHCPv6 servers.

When DHCPv6 snooping is disabled, all ports on the device forward responses from DHCPv6 servers.

Examples

# Enable DHCPv6 snooping.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable

Related commands

ipv6 dhcp snooping disable

ipv6 dhcp snooping relay-agent enable

ipv6 dhcp snooping enable vlan

Use ipv6 dhcp snooping enable vlan to enable DHCPv6 snooping for VLANs.

Use undo ipv6 dhcp snooping enable vlan to disable DHCPv6 snooping for VLANs.

Syntax

ipv6 dhcp snooping enable vlan vlan-id-list

undo ipv6 dhcp snooping enable vlan vlan-id-list

Default

DHCPv6 snooping is disabled for all VLANs.

Views

System view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must be greater than the value for the vlan-id1 argument.

Usage guidelines

After you enable DHCPv6 snooping for a VLAN, DHCPv6 snooping untrusted ports in the VLAN discard incoming DHCPv6 responses. This mechanism ensures that DHCPv6 clients obtain IP addresses from authorized DHCPv6 servers.

After you disable DHCPv6 snooping for a VLAN, all interfaces in the VLAN can forward DHCPv6 responses.

After you enable DHCPv6 snooping globally, all VLANs on the device are also enabled with DHCPv6 snooping. To disable DHCPv6 snooping in a VLAN, disable DHCPv6 snooping globally and in the VLAN.

Examples

# Enable DHCPv6 snooping for VLANs 5,10, 20, and 32.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable vlan 5 10 to 20 32

Related commands

ipv6 dhcp snooping disable

ipv6 dhcp snooping trust interface

ipv6 dhcp snooping log enable

Use ipv6 dhcp snooping log enable to enable DHCPv6 snooping logging.

Use undo ipv6 dhcp snooping log enable to disable DHCPv6 snooping logging.

Syntax

ipv6 dhcp snooping log enable

undo ipv6 dhcp snooping log enable

Default

DHCPv6 snooping logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCPv6 snooping device to generate DHCPv6 snooping logs and send them to the information center. The log information helps administrators locate and solve problems. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

As a best practice, disable this feature if the log generation affects the device performance.

Examples

# Enable DHCPv6 snooping logging.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping log enable

Related commands

ipv6 dhcp snooping alarm enable

ipv6 dhcp snooping max-learning-num

Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn.

Use undo ipv6 dhcp snooping max-learning-num to restore the default.

Syntax

ipv6 dhcp snooping max-learning-num max-number

undo ipv6 dhcp snooping max-learning-num

Default

The number of DHCPv6 snooping entries for an interface to learn is not limited.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

max-number: Sets the maximum number of DHCPv6 snooping entries for an interface to learn. The value range is 1 to 4294967295.

Usage guidelines

When an interface learns the maximum number of DHCPv6 snooping entries, the interface stops learning DHCPv6 snooping entries. This does not affect the operation of the DHCPv6 snooping feature.

Examples

# Configure the Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 to learn a maximum of 10 DHCPv6 snooping entries.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping max-learning-num 10

ipv6 dhcp snooping option interface-id enable

Use ipv6 dhcp snooping option interface-id enable to enable support for the interface-ID option (also called Option 18).

Use undo ipv6 dhcp snooping option interface-id enable to disable support for the interface-ID option.

Syntax

ipv6 dhcp snooping option interface-id enable

undo ipv6 dhcp snooping option interface-id enable

Default

Option 18 is not supported.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only when DHCPv6 snooping is globally enabled or is enabled in the VLAN to which the interface belongs.

Examples

# Enable support for Option 18.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping option interface-id string

ipv6 dhcp snooping option interface-id

Use ipv6 dhcp snooping option interface-id to specify the content as the interface ID for Option 18.

Use undo ipv6 dhcp snooping option interface-id to restore the default.

Syntax

ipv6 dhcp snooping option interface-id [ vlan vlan-id ] string interface-id

undo ipv6 dhcp snooping option interface-id [ vlan vlan-id ]

Default

The DHCPv6 snooping device uses its DUID as the content for Option 18.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Pads the interface ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the interface ID for packets received from the default VLAN.

interface-id: Specifies a string of 1 to 128 characters as the interface ID.

Examples

# Specify company001 as the interface ID.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id string company001

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping option interface-id enable

ipv6 dhcp snooping option remote-id enable

Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37).

Use undo ipv6 dhcp snooping option remote-id enable to disable support for the remote-ID option.

Syntax

ipv6 dhcp snooping option remote-id enable

undo ipv6 dhcp snooping option remote-id enable

Default

Option 37 is not supported.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only when DHCPv6 snooping is globally enabled or is enabled in the VLAN to which the interface belongs.

Examples

# Enable support for Option 37.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping option remote-id string

Use ipv6 dhcp snooping option remote-id string to specify the content as the remote ID for Option 37.

Use undo ipv6 dhcp snooping option remote-id to restore the default.

Syntax

ipv6 dhcp snooping option remote-id [ vlan vlan-id ] string remote-id

undo ipv6 dhcp snooping option remote-id [ vlan vlan-id ]

Default

The DHCPv6 snooping device uses its DUID as the content for Option 37.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Pads the remote ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the remote ID for packets received from the default VLAN.

remote-id: Specifies a string of 1 to 128 characters as the remote ID.

Examples

# Specify device001 as the remote ID.

<Sysname> system-view

[Sysname] ipv6 dhcp snooping enable

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id string device001

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping option remote-id enable

ipv6 dhcp snooping pd binding record

Use ipv6 dhcp snooping pd binding record to enable recording DHCPv6 snooping prefix entries.

Use undo ipv6 dhcp snooping pd binding record to disable recording DHCPv6 snooping prefix entries.

Syntax

ipv6 dhcp snooping pd binding record

undo ipv6 dhcp snooping pd binding record

Default

Recording of DHCPv6 snooping prefix entries is disabled.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

VXLAN VSI interface view

VLAN view

Predefined user roles

network-admin

Usage guidelines

This command enables DHCPv6 snooping to record IPv6 prefix-to-port information of the DHCPv6 clients (called DHCPv6 snooping prefix entries). When IP source guard (IPSG) is configured on the DHCPv6 snooping device, IPSG can generate dynamic bindings based on the DHCPv6 snooping prefix entries to filter out illegitimate packets.

If you configure this command in a VSI view, this command takes effect on the ACs that are mapped to the VSI and the VXLAN tunnel interfaces that are assigned to the VSI.

Examples

# Enable DHCPv6 snooping prefix entries on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname]interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping pd binding record

Related commands

display ipv6 dhcp snooping pd binding

ipv6 dhcp snooping rate-limit

Use ipv6 dhcp snooping rate-limit to enable DHCPv6 snooping packet rate limit on an interface and set the limit value.

Use undo ipv6 dhcp snooping rate-limit to disable DHCPv6 snooping packet rate limit.

Syntax

ipv6 dhcp snooping rate-limit rate

undo ipv6 dhcp snooping rate-limit

Default

The DHCPv6 snooping packet rate limit is disabled on an interface.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

rate: Specifies the maximum rate in Kbps. The value range is 64 to 512.

Usage guidelines

This command takes effect only when DHCPv6 snooping is enabled.

The DHCPv6 packet rate limit feature enables the interface to discard DHCPv6 packets that exceed the maximum rate.

The rate configured on a Layer 2 aggregate interface applies to all members of the aggregate interface. If a member interface leaves the aggregation group, it uses the rate configured in its Ethernet interface view.

The chip-supported maximum rate must be an integer multiple of eight. If you set the maximum rate to 67, the value 64 or 72 takes effect.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to receive DHCPv6 packets at a maximum rate of 64 Kbps.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping rate-limit 64

ipv6 dhcp snooping relay-agent enable

Use ipv6 dhcp snooping relay-agent enable to enable the lightweight DHCPv6 relay agent (LDRA) on an interface.

Use undo ipv6 dhcp snooping relay-agent enable to disable LDRA on an interface.

Syntax

ipv6 dhcp snooping relay-agent enable [ trust ]

undo ipv6 dhcp snooping relay-agent enable [ trust ]

Default

By default, LDRA is disabled on the interface.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

trust: Specifies the interface as a trusted interface. The device trusts the Relay-Forward packets received on the interface and forwards them to the DHCPv6 server. If you do not specify this keyword, the device drops the Relay-Forward packets received on this interface.

Usage guidelines

Some DHCPv6 servers assign IPv6 addresses or prefixes to DHCPv6 clients only based on the Interface ID option in Relay-Forward packets generated by DHCPv6 relay agents. If no DHCPv6 relay agents exist in the network, these DHCPv6 servers cannot assign IPv6 addresses or prefixes based on the Interface ID option.

To solve this problem, you can enable LDRA on the receiving interface of DHCPv6 requests on the DHCPv6 snooping device. The feature allows the interface to generate a Relay-Forward packet for a received DHCPv6 request and to insert the Interface ID option in the packet. The DHCPv6 server then can assign an IPv6 address or prefix based on the Interface ID option.

A network might have multiple cascaded lightweight DHCPv6 relay agents. As a best practice, do not specify the trust keyword if illegal Relay-Forward packets exist in the network.

For this command to take effect, you must first execute the ipv6 dhcp snooping enable command to enable DHCPv6 snooping.

If this command and the ipv6 dhcp snooping option interface-id enable command are both executed, this command does not take effect.

Examples

# Enable LDRA on Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping relay-agent enable

Related commands

ipv6 dhcp snooping enable

ipv6 dhcp snooping trust

Use ipv6 dhcp snooping trust to configure a port as a trusted port.

Use undo ipv6 dhcp snooping trust to restore the default state of a port.

Syntax

ipv6 dhcp snooping trust

undo ipv6 dhcp snooping trust

Default

After you enable DHCPv6 snooping, all ports are untrusted.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Ethernet service instance view

Predefined user roles

network-admin

Usage guidelines

Specify the port facing the DHCPv6 server as trusted and specify the other ports as untrusted so DHCPv6 clients can obtain valid IP addresses.

Examples

# Specify Ten-GigabitEthernet 1/0/1 as a trusted port.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping trust

Related commands

display ipv6 dhcp snooping trust

ipv6 dhcp snooping trust interface

Use ipv6 dhcp snooping trust interface to configure a port in a VLAN as a DHCPv6 snooping trusted port.

Use undo ipv6 dhcp snooping trust interface to restore the default state of a port in a VLAN.

Syntax

ipv6 dhcp snooping trust interface interface-type interface-number

undo ipv6 dhcp snooping trust interface interface-type interface-number

Default

After you enable DHCPv6 snooping for a VLAN, all ports in the VLAN are DHCPv6 snooping untrusted ports.

Views

VLAN view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

In a VLAN, specify the port facing the DHCPv6 server as trusted and specify the other ports as untrusted so DHCPv6 clients can obtain valid IP addresses.

You can execute this command multiple times in a VLAN to configure multiple trusted ports in the VLAN.

Make sure the specified port is in the VLAN for which the ipv6 dhcp snooping enable vlan command is configured.

Examples

# In VLAN 1, configure Ten-GigabitEthernet 1/0/1 as a trusted port.

<Sysname> system-view

[Sysname] vlan 1

[Sysname-vlan1] ipv6 dhcp snooping trust interface ten-gigabitethernet 1/0/1

Related commands

ipv6 dhcp snooping enable vlan

ipv6 dhcp snooping trust tunnel

Use ipv6 dhcp snooping trust tunnel to configure VXLAN tunnel interfaces assigned to a VSI as trusted interfaces.

Use undo ipv6 dhcp snooping trust tunnel to restore the default.

Syntax

ipv6 dhcp snooping trust tunnel

undo ipv6 dhcp snooping trust tunnel

Default

After you enable DHCPv6 snooping, all tunnel interfaces are untrusted.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

With DHCPv6 snooping enabled, only the DHCPv6 snooping trusted ports forward responses from DHCPv6 servers. To ensure VXLAN tunnel interfaces can forward DHCPv6 messages correctly, configure the VXLAN tunnel interfaces as DHCPv6 snooping trusted.

Examples

# Configure the tunnel interfaces as trusted in the VSI a.

<Sysname> system-view

[Sysname]vsi a

[Sysname-vsi-a] ipv6 dhcp snooping trust tunnel

Related commands

display ipv6 dhcp snooping trust

reset ipv6 dhcp snooping binding

Use reset ipv6 dhcp snooping binding to clear DHCPv6 snooping address entries.

Syntax

reset ipv6 dhcp snooping binding { all | address ipv6-address [ vlan vlan-id ] }

Views

User view

Predefined user roles

network-admin

Parameters

address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address.

vlan vlan-id: Clears DHCPv6 snooping address entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCPv6 snooping address entries for the default VLAN.

all: Clears all DHCPv6 snooping address entries.

Examples

# Clear all DHCPv6 snooping address entries.

<Sysname> reset ipv6 dhcp snooping binding all

Related commands

display ipv6 dhcp snooping binding

reset ipv6 dhcp snooping m-lag-statistics

Use reset ipv6 dhcp snooping m-lag-statistics to clear statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.

Syntax

reset ipv6 dhcp snooping m-lag-statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.

<Sysname> reset ipv6 dhcp snooping m-lag-statistics

Related commands

display ipv6 dhcp snooping m-lag-statistics

reset ipv6 dhcp snooping packet statistics

Use reset ipv6 dhcp snooping packet statistics to clear DHCPv6 packet statistics for DHCPv6 snooping.

Syntax

reset ipv6 dhcp snooping packet statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears DHCPv6 packet statistics for the master device.

Examples

# Clear DHCPv6 packet statistics for DHCPv6 snooping.

<Sysname> reset ipv6 dhcp snooping packet statistics

Related commands

display ipv6 dhcp snooping packet statistics

reset ipv6 dhcp snooping pd binding

Use reset ipv6 dhcp snooping pd binding to clear DHCPv6 snooping prefix entries.

Syntax

reset ipv6 dhcp snooping pd binding { all | prefix prefix/prefix-length [ vlan vlan-id ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all DHCPv6 snooping prefix entries.

prefix prefix/prefix-length: Clears DHCPv6 snooping entries for the specified IPv6 prefix. The value range for the prefix-length argument is 1 to 128.

vlan vlan-id: Clears DHCPv6 snooping prefix entries for the specified VLAN. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

If you do not specify any parameters, this command clears all DHCPv6 snooping prefix entries.

Examples

# Clear DHCPv6 snooping prefix entries for 1:2::/64.

<Sysname> reset ipv6 dhcp snooping pd binding prefix 1:2::/64

Related commands

display ipv6 dhcp snooping pd binding

DHCPv6 guard commands

The DHCPv6 guard feature operates correctly only when the device is located between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and the DHCPv6 relay agent. If the device is located between the DHCPv6 server and the DHCPv6 relay agent, the DHCPv6 guard feature cannot operate correctly.

When the DHCPv6 guard feature is configured on a DHCPv6 snooping device, both features can take effect. The device forwards DHCPv6 reply packets received on a DHCPv6 snooping trusted port only if they pass the DHCPv6 guard check. These packets are dropped if they fail the DHCPv6 guard check.

device-role

Use device-role to set the role of the device attached to the target interface or VLAN.

Use undo device-role to restore the default.

Syntax

device-role { client | server }

undo device-role

Default

The role is DHCPv6 client for the device attached to the target interface or VLAN.

Views

DHCPv6 guard policy view

Predefined user roles

network-admin

Parameters

client: Sets the device role to DHCPv6 client.

server: Sets the device role to DHCPv6 server.

Usage guidelines

The target interface or VLAN refers to the interface or VLAN to which a DHCPv6 guard policy is applied. The device makes forwarding decisions based on the device role as follows:

· Drops DHCPv6 replies received from the device with the device role of DHCPv6 client.

· Forwards DHCPv6 replies received from the device with the device role of DHCPv6 server only if the packets pass the DHCPv6 guard check.

If the target interface or VLAN is attached to an authorized DHCPv6 server, set the device role to DHCPv6 server for the authorized DHCPv6 server. If no authorized DHCPv6 servers are attached to the target interface or VLAN, set the device role to DHCPv6 client for devices attached to the target interface or VLAN.

The trust port command has a higher priority than the device-role command. If you configure both commands for a DHCPv6 guard policy, the trust port command takes effect.

Examples

# Set the role to DHCPv6 server for the device attached to the target interface or VLAN.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1] device-role server

display ipv6 dhcp guard policy

Use display ipv6 dhcp guard policy to display information about DHCPv6 guard policies.

Syntax

display ipv6 dhcp guard policy [ policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

policy-name: Displays detailed information about a DHCPv6 guard policy. This argument specifies the name of a DHCPv6 guard policy, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays brief information about all DHCPv6 guard policies.

Examples

# Display detailed information about DHCPv6 guard policy p1.

<Sysname> display ipv6 dhcp guard policy p1

Guard policy: p1

Device-role: Server

Trusted port: No

Server preference min value: 23

Server preference max value: 45

Server rule: ACL sed

Reply rule: ACL 3434

Applied to interfaces: XGE1/0/1, XGE1/0/2

Applied to VLANs: 100

# Display brief information about all DHCPv6 guard policies.

<Sysname> display ipv6 dhcp guard policy

Guard policy: p1

Device-role: server

Trusted port: No

Server preference min value: 23

Server preference max value: 45

Server rule: ACL sed

Reply rule: ACL 3434

Guard policy: p2

Device-role: Server

Trusted port: Yes

Server preference min value: 12

Server preference max value: 34

Table 24 Command output

Field	Description
Guard policy	DHCPv6 guard policy name.
Device-role	Device role: · Client—DHCPv6 client role. · Server—DHCPv6 server role.
Trusted port	Whether the trusted port is configured for the guard policy.
Server preference min value	Minimum preference value of the DHCPv6 server. This field is displayed only when the preference min command is configured.
Server preference max value	Maximum preference value of the DHCPv6 server. This field is displayed only when the preference max command is configured.
Server rule	DHCPv6 server address match criterion. This field is displayed only when the if-match server acl command is configured.
Reply rule	Match criterion for the assigned IPv6 addresses/prefixes. This field is displayed only when the if-match reply acl command is configured.
Applied to interfaces	Interfaces to which the DHCPv6 guard policy is applied. Interfaces are separated by commas (,). This field is not displayed when the command displays brief information about DHCPv6 guard policies.
Applied to VLANs	VLANs to which the DHCPv6 guard policy is applied. VLANs are separated by commas (,). This field is not displayed when the command displays brief information about DHCPv6 guard policies.

Related commands

ipv6 dhcp guard policy

if-match reply acl

Use if-match reply acl to configure a match criterion for IPv6 addresses/prefixes assigned by a DHCPv6 server.

Use undo if-match server acl to restore the default.

Syntax

if-match reply acl { acl-number | name acl-name }

undo if-match reply acl

Default

No match criterion is configured for the assigned IPv6 addresses/prefixes, and all assigned IPv6 addresses/prefixes can pass the address/prefix check.

Views

DHCPv6 guard policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL number. The value range for this argument is 2000 to 2999 for a basic ACL and is 3000 to 3999 for an advanced ACL.

name acl-name: Specifies a basic or advanced ACL by its name, a case-insensitive string of 1 to 63 characters. The ACL name must start with an English letter and to avoid confusion, it cannot be all.

Usage guidelines

The device uses the source IPv6 address attributes in the specified ACL to match the assigned IPv6 address/prefix in the received DHCPv6 Reply message.

If the assigned IPv6 address/prefix matches a permit statement in the ACL, the device forwards the Reply message. If the assigned IPv6 address/prefix does not match the ACL, the device drops the Reply message.

When you configure a match criterion for assigned IPv6 addresses and prefixes, follow these guidelines:

· If the specified ACL does not exist or does not have any match rules, all IPv6 addresses and prefixes can match the ACL and the DHCPv6 guard feature will forward all received DHCPv6 Reply messages.

· If the specified ACL does not have any source IP address filters, no IPv6 addresses or prefixes can match the ACL and the DHCPv6 guard feature will discard all received DHCPv6 Reply messages.

· If a rule in the specified ACL is applied to a VPN instance, this rule does not take effect.

If you execute this command multiple times for a DHCPv6 guard policy, the most recent configuration takes effect.

Examples

# Specify ACL 2233 to match IPv6 addresses/prefixes assigned by a DHCPv6 server.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1] if-match reply acl 2233

Related commands

acl (ACL and QoS Command Reference)

rule (IPv6 advanced ACL view) (ACL and QoS Command Reference)

rule (IPv6 basic ACL view) (ACL and QoS Command Reference)

if-match server acl

Use if-match server acl to configure a DHCPv6 server match criterion

Use undo if-match server acl to restore the default.

Syntax

if-match server acl { acl-number | name acl-name }

undo if-match server acl

Default

No DHCPv6 server match criterion is configured, and all DHCPv6 servers are authorized.

Views

DHCPv6 guard policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL number. The value range for this argument is 2000 to 2999 for a basic ACL and is 3000 to 3999 for an advanced ACL.

name acl-name: Specifies a basic or advanced ACL by its name, a case-insensitive string of 1 to 63 characters. The ACL name must start with an English letter and to avoid confusion, it cannot be all.

Usage guidelines

The device uses the source IPv6 address attributes in the specified ACL to match the source IPv6 address in the received DHCPv6 Advertise message.

If the source IPv6 address matches a permit statement in the ACL, the device continues to use other criterion to verify the message. If the source IPv6 address does not match the ACL, the device drops the Advertise message.

When you configure a DHCPv6 server match criterion, follow these guidelines:

· If the specified ACL does not exist or does not have any match rules, all DHCPv6 servers can match the ACL and the DHCPv6 guard feature will forward all received DHCPv6 Advertise messages.

· If the specified ACL does not have any source IP address filters, no DHCPv6 servers can match the ACL and the DHCPv6 guard feature will discard all received DHCPv6 Advertise messages.

· If a rule in the specified ACL is applied to a VPN instance, this rule does not take effect.

If you execute this command multiple times for a DHCPv6 guard policy, the most recent configuration takes effect.

Examples

# Specify ACL 2323 to match DHCPv6 servers.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1] if-match server acl 2323

Related commands

acl (ACL and QoS Command Reference)

rule (IPv6 advanced ACL view) (ACL and QoS Command Reference)

rule (IPv6 basic ACL view) (ACL and QoS Command Reference)

ipv6 dhcp guard apply policy

Use ipv6 dhcp guard apply policy to apply a DHCPv6 guard policy to an interface or a VLAN.

Use undo ipv6 dhcp guard apply policy to restore the default.

Syntax

ipv6 dhcp guard apply policy policy-name

undo ipv6 dhcp guard apply policy

Default

No DHCPv6 guard policy is applied to an interface or VLAN.

Views

Interface view

VLAN view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a DHCPv6 guard policy name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

The DHCPv6 guard policy applied to an interface checks all incoming DHCPv6 replies if the interface is not configured as a trusted port for the DHCPv6 guard policy.

The DHCPv6 guard policy applied to a VLAN checks all incoming DHCPv6 replies if the interfaces in the VLAN are not configured as trusted ports for the DHCPv6 guard policy.

If you apply a nonexistent DHCPv6 guard policy to an interface or VLAN, the device forwards received DHCPv6 replies without check.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Apply DHCPv6 guard policy p1 to Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp guard apply policy p1

# Apply DHCPv6 guard policy p1 to VLAN 100.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] ipv6 dhcp guard apply policy p1

Related commands

ipv6 dhcp guard policy

Use ipv6 dhcp guard policy to create a DHCPv6 guard policy and enter its view, or enter the view of an existing DHCPv6 guard policy.

Use undo ipv6 dhcp guard policy to delete a DHCPv6 guard policy.

Syntax

ipv6 dhcp guard policy policy-name

undo ipv6 dhcp guard policy policy-name

Default

No DHCPv6 guard policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a DHCPv6 guard policy name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

To provide finer level of filtering granularity, you can specify the following parameters for a DHCPv6 guard policy:

· Device role of the device that attached to the target interface or VLAN.

· DHCPv6 server match criterion.

· Match criterion for IPv6 addresses/prefixes assigned by DHCPv6 servers.

· Allowed DHCPv6 server preference range.

The DHCPv6 guard feature runs correctly after you create a DHCPv6 guard policy and apply it to a VLAN or an interface. The DHCPv6 guard feature determines whether to forward DHCPv6 replies based on the match criteria. Only packets that match all criteria are forwarded.

Examples

# Create DHCPv6 guard policy p1 and enter its view.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1]

Related commands

display ipv6 dhcp guard policy

ipv6 dhcp guard apply policy

preference

Use preference to specify an allowed DHCPv6 server preference range.

Use undo preference to restore the maximum or minimum preference to the default value.

Syntax

preference { max max-value | min min-value } *

undo preference [ max | min ]

Default

No DHCPv6 server preference range is configured, and DHCPv6 servers with preferences 1 to 255 can pass the preference check.

Views

DHCPv6 guard policy view

Predefined user roles

network-admin

Parameters

max max-value: Specifies the maximum value of the DHCPv6 server preference, in the range of 1 to 255. The default is 255.

min min-value: : Specifies the minimum value of the DHCPv6 server preference, in the range of 1 to 255. The default is 1. The minimum value cannot be higher than the maximum value.

Usage guidelines

The device uses the specified range to match the DHCPv6 server preference in the received DHCPv6 Advertise message.

· If the DHCPv6 server preference is in the allowed range, the device continues to use other criterion to further match the message.

· If the DHCPv6 server preference in the Advertise message is beyond the allowed range or the message does not carry the preference, the device drops the message.

When an H3C device acts as a DHCPv6 server, use the ipv6 dhcp server preference command to set the preference of the DHCPv6 server.

If you execute this command multiple times for a DHCPv6 guard policy, the most recent configuration takes effect.

Examples

# Set the allowed range to 1 to 100 for the DHCPv6 server preference.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1] preference max 100 min 1

Related commands

ipv6 dhcp server

trust port

Use trust port to configure the port to which the DHCPv6 guard policy applies as a trusted port for the policy.

Use undo trust port to restore the default.

Syntax

trust port

undo trust port

Default

No trusted port is configured for a DHCPv6 guard policy.

Views

DHCPv6 guard policy view

Predefined user roles

network-admin

Usage guidelines

After you configure this command for a DHCPv6 guard policy, the interface and all interfaces in the VLAN to which the DHCPv6 guard policy is applied are trusted ports. The device forwards received DHCPv6 replies on the trusted ports without check.

The trust port command has a higher priority than the device-role command. If you configure both commands for a DHCPv6 guard policy, the trust port command takes effect.

Examples

# Configure the port as a trusted port for the DHCPv6 guard policy.

<Sysname> system-view

[Sysname] ipv6 dhcp guard policy p1

[Sysname-dhcp6-guard-policy-p1] trust port

05-Layer 3—IP Services Command Reference

DHCPv6 commands

DHCPv6 server commands

display ipv6 dhcp prefix-pool

display ipv6 dhcp server

display ipv6 dhcp server conflict

Application scenarios

Operating mechanism

ipv6 dhcp relay source-address

DHCPv6 client commands

display ipv6 dhcp client

DHCPv6 snooping commands

DHCPv6 guard commands

device-role