dhcpv6-snooping authorized-server


dhcpv6-snooping authorized-server <IPV6-ADDR> [vrf <VRF-NAME>]

no dhcpv6-snooping authorized-server <IPV6-ADDR> [vrf <VRF-NAME>]


Adds an authorized (trusted) DHCPv6 server to a list of authorized servers for use by DHCPv6 snooping. This command can be issued multiple times, adding a maximum of 20 authorized servers per VRF. By default, with an empty list of authorized servers, all DHCPv6 servers are considered to be trusted for DHCPv6 snooping purposes.

The mgmt VRF cannot be used with this command.

Configure the link local IPv6 address instead of global IPv6 address of the DHCPv6 server as the authorized-server. For example:
switch(config)# dhcpv6-snooping authorized-server fe80::2ca4:fa40:d4cd:bc2f

The no form of this command deletes the specified DHCPv6 server from the authorized list.

Command context




Specifies the IPv6 address of the trusted DHCPv6 server.

vrf <VRF-NAME>

Specifies the VRF name. The name can be default or a configured VRF instance but it cannot be mgmt.


Administrators or local user group members with execution rights for this command.


For authorized server lookup, the VRF is derived from the Switch Virtual Interface (SVI) configured for the incoming VLAN. If the SVI is not configured, the default VRF is assumed.


Adding DHCP servers ABCD:5ACD::2000, and ABCD:5ACD::2010 to the authorized server list:

switch(config)# dhcpv6-snooping authorized-server ABCD:5ACD::2000 vrf default
switch(config)# dhcpv6-snooping authorized-server ABCD:5ACD::2010 vrf default

Removing DHCP server ABCD:5ACD::2000 from the authorized server list:

switch(config)# no dhcpv6-snooping authorized-server ABCD:5ACD::2000 vrf default