No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
LDRA Supported by DHCPv6 Snooping

LDRA Supported by DHCPv6 Snooping

Overview

A Lightweight DHCPv6 Relay Agent (LDRA), defined in RFC 6221, is used to insert relay agent options in DHCPv6 exchange messages to identify user locations.

Similar to Option 82 in DHCPv4, the LDRA provides user location information in DHCPv6. Generally, the LDRA is configured on the client-side access devices.

Implementation

The working mechanism of an LDRA is similar to that of a DHCPv6 relay agent. When receiving a DHCPv6 request from a client, the LDRA-enabled device encapsulates client location information (such as the information about the interface connecting the client and the device) in a Relay-Forward message, and forwards the message to the DHCPv6 server. The DHCPv6 server obtains the location information of the client, and accordingly assigns an IP address, QoS policy, and access control policy to the client.

Figure 9-3 shows the LDRA interaction process.

Figure 9-3  LDRA interaction process
  1. A DHCPv6 client sends a DHCPv6 request message to the LDRA-enabled device.
  2. The LDRA-enabled device encapsulates the request message into the relay agent option and the location information of the client into the interface-id or remote-id option in a Relay-Forward message and forwards the message to the DHCPv6 server.
  3. The DHCPv6 server obtains the request message and location information of the client from the Relay-Forward message. The server then selects an IPv6 address and other parameters for the client, constructs a reply, encapsulates the reply into a Relay-Reply message, and sends the Relay-Reply message to the LDRA-enabled device.
  4. The LDRA-enabled device obtains the reply from the Relay-Reply message, and forwards the reply to the DHCPv6 client. The client then obtains the address of the DHCPv6 server, and obtains an IPv6 address and other parameters from the server.

For details about the Relay-Forward and Relay-Reply messages, see DHCPv6 Packets in "DHCPv6 Configuration" in the S7700 and S9700 V200R011C10 Configuration Guide-IP Service.

Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178319

Views: 145709

Downloads: 78

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next