DHCPv6 Local Server
DHCPv6 Local Server Overview
The DHCPv6 local server is compatible with the DHCP local server and the DHCP relay agent, and can be enabled on the same interface as either the extended DHCP local server or DHCP relay agent.
The DHCPv6 local server provides many of the same features as the DHCP local server, including:
Configuration for a specific interface or for a group of interfaces
Site-specific usernames and passwords
Numbered Ethernet interfaces
Statically configured CoS and filters
AAA directed login
Use of the IA_NA option to assign a specific address to a client
When a DHCPv6 client logs in, the DHCPv6 local server can optionally use the AAA service framework to interact with the RADIUS server. The RADIUS server, which is configured independently of DHCP, authenticates the client and supplies the IPv6 prefix and client configuration parameters.
The client username, which uniquely identifies a subscriber or a DHCP client, must be present in the configuration in order for DHCPv6 local server to use RADIUS authentication.
You can configure DHCPv6 local server to communicate the following attributes to the AAA service framework and RADIUS at login time:
Client username
Client password
Based on the attributes that the DHCPv6 local server provides, RADIUS returns the information listed in Table 1 to configure the client:
Attribute Number | Attribute Name | Description |
---|---|---|
27 | Session-Timeout | Lease time, in seconds. If not supplied, the lease does not expire. |
123 | Delegated-IPv6-Prefix | Prefix that is delegated to the client |
26-143 | Max-Clients-Per-Interface | Maximum number of clients allowed per interface |
To configure the extended DHCPv6 local server on the router (or switch), you include the dhcpv6 statement at the [edit system services dhcp-local-server] hierarchy level.
You can also include the dhcpv6 statement at the following hierarchy levels:
[edit logical-systems logical-system-name system services dhcp-local-server]
[edit logical-systems logical-system-name routing-instances routing-instance-name system services dhcp-local-server]
[edit routing-instances routing-instance-name system services dhcp-local-server]
Configuring DHCPv6 Rapid Commit (MX Series, EX Series)
You can configure the DHCPv6 local server to support the DHCPv6 Rapid Commit option (DHCPv6 option 14). When rapid commit is enabled, the server recognizes the Rapid Commit option in Solicit messages sent from the DHCPv6 client. (DHCPv6 clients are configured separately to include the DHCPv6 Rapid Commit option in the Solicit messages.) The server and client then use a two-message exchange (Solicit and Reply) to configure clients, rather than the default four-message exchange (Solicit, Advertise, Request, and Reply). The two-message exchange provides faster client configuration, and is beneficial in environments in which networks are under a heavy load.
You can configure the DHCPv6 local server to support the Rapid Commit option globally, for a specific group, or for a specific interface. By default, rapid commit support is disabled on the DHCPv6 local server.
To configure the DHCPv6 local server to support the DHCPv6 Rapid Commit option:
Preventing Binding of Clients That Do Not Support Reconfigure Messages
The DHCPv6 client and server negotiate the use of reconfigure messages. When the client can accept reconfigure messages from the server, then the client includes the Reconfigure Accept option in both solicit and request messages sent to the server.
By default, the DHCPv6 server accepts solicit messages from clients regardless of whether they support reconfiguration. You can specify that the server require clients to accept reconfigure messages. In this case, the DHCPv6 server includes the Reconfigure Accept option in both advertise and reply messages when reconfiguration is configured for the client interface. Solicit messages from nonsupporting clients are discarded and the clients are not allowed to bind.
To configure the DHCPv6 local server to bind only clients that support client-initiated reconfiguration:
Specify strict reconfiguration.
For all DHCPv6 clients:
[edit system services dhcp-local-server dhcpv6 reconfigure]
user@host# set strict
For only a particular group of DHCPv6 clients:
[edit system services dhcp-local-server dhcpv6 group group-name reconfigure]
user@host# set strict
The show dhcpv6 server statistics command displays a count of solicit messages that the server has discarded.
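The following added example (not part of the original documentation or of Junos) models how a server treats a Solicit under the rapid commit and strict reconfigure settings described in the two sections above. The function names and sample messages are constructed for illustration; the Reconfigure Accept option code (20) and the Solicit message type (1) come from RFC 3315, not from this page.

```python
import struct

# Values from RFC 3315; the page itself names only option 14 (Rapid Commit).
SOLICIT = 1
OPT_RAPID_COMMIT, OPT_RECONF_ACCEPT = 14, 20

def parse_options(msg: bytes) -> dict:
    """Return {option_code: data} from a DHCPv6 client/server message."""
    if len(msg) < 4:
        raise ValueError("truncated DHCPv6 header")
    opts, off = {}, 4  # skip 1-byte msg-type and 3-byte transaction-id
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + length > len(msg):
            raise ValueError("option length overruns message")
        opts[code] = msg[off:off + length]
        off += length
    return opts

def server_action(msg: bytes, strict: bool = False, rapid_commit: bool = False) -> str:
    """Model the server's response to a Solicit under the two settings above."""
    opts = parse_options(msg)
    if msg[0] != SOLICIT:
        return "not-a-solicit"
    if strict and OPT_RECONF_ACCEPT not in opts:
        return "discard"        # client cannot bind; shows up in the discard count
    if rapid_commit and OPT_RAPID_COMMIT in opts:
        return "reply"          # two-message exchange (Solicit, Reply)
    return "advertise"          # default four-message exchange

def solicit(*option_codes: int) -> bytes:
    """Constructed sample: a Solicit carrying the given zero-length options."""
    hdr = bytes([SOLICIT]) + b"\xab\xcd\xef"  # constructed transaction-id
    return hdr + b"".join(struct.pack("!HH", c, 0) for c in option_codes)

if __name__ == "__main__":
    samples = [("plain", solicit()), ("rapid", solicit(14)), ("both", solicit(14, 20))]
    for name, m in samples:
        print(name, server_action(m, strict=True, rapid_commit=True))
```

With both settings enabled, a client that sends Rapid Commit but not Reconfigure Accept is discarded before rapid commit is considered, which is the case to look for when the discard counter rises after enabling strict.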
Configuring the DUID Type Supported by DHCPv6 Servers
Every DHCPv6 client and server has a DHCP unique identifier (DUID). Each DUID is globally unique across all DHCPv6 clients and servers in an administrative domain. Messages between clients and servers can carry the client DUID in the Client-Identifier option and the server DUID in the Server-Identifier option. Clients and servers may accept or discard some message types based on whether the message includes one or both of these DUIDs. A server or client may discard some message types when the DUID option value does not match the server’s DUID or the client’s DUID, respectively.
The DUIDs facilitate communication between client/server pairs by providing a means for each to determine whether it is the intended recipient of a message and also identifying where to forward a response. For example, a server uses the server DUID received in a message from a client to determine whether the message is intended for it. Then it can compare the client DUID it has received against its database. When it finds a match, the server sends the associated configuration information to the client. The server also uses the client DUID to select clients for an Identity Association.
The server DUID conveyed to the client enables the client to distinguish between servers. To target a single server, the client can include that DUID when it sends multicast messages; only the server identified by the DUID responds.
RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6), defines three types of DUIDs, but we support only the DUID-EN and DUID-LL types:
DUID-EN—(Supported) A device vendor assigns a DUID of this type when the device is manufactured. The value consists of the vendor’s IANA enterprise number followed by a unique number. This is the default type.
DUID-LL—(Supported) This type of DUID includes a hardware type code recognized by IANA, followed by the link-layer address of any network interface permanently connected to the device. DUID-LL is supported only for DHCPv6 servers.
DUID-LLT—(Not supported) This type is similar to the DUID-LL type, but additionally includes the time that the DUID is generated relative to a specific date and time.
The DUID type is specified per routing instance.
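The following added example (not from the original documentation or from Junos) decodes the three DUID layouts described above and flags which ones this page lists as supported. The numeric type codes are from RFC 3315; the function name, enterprise number, and link-layer address are constructed sample values.

```python
import struct

# DUID type codes from RFC 3315.
DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
# Types this page lists as supported by the server.
SUPPORTED = {DUID_EN, DUID_LL}

def parse_duid(duid: bytes) -> dict:
    """Decode a DUID (the payload of a Client- or Server-Identifier option)."""
    if len(duid) < 2:
        raise ValueError("DUID shorter than its 2-byte type field")
    (dtype,) = struct.unpack_from("!H", duid)
    body = duid[2:]
    if dtype == DUID_EN:
        if len(body) < 4:
            raise ValueError("DUID-EN missing enterprise number")
        (enterprise,) = struct.unpack_from("!I", body)
        info = {"type": "DUID-EN", "enterprise": enterprise,
                "identifier": body[4:].hex()}
    elif dtype == DUID_LL:
        if len(body) < 2:
            raise ValueError("DUID-LL missing hardware type")
        (hw,) = struct.unpack_from("!H", body)
        info = {"type": "DUID-LL", "hw_type": hw,
                "link_layer": body[2:].hex(":")}
    elif dtype == DUID_LLT:
        if len(body) < 6:
            raise ValueError("DUID-LLT missing hardware type or time")
        hw, when = struct.unpack_from("!HI", body)
        info = {"type": "DUID-LLT", "hw_type": hw, "time": when,
                "link_layer": body[6:].hex(":")}
    else:
        info = {"type": f"unknown({dtype})"}
    info["supported"] = dtype in SUPPORTED
    return info

# Constructed samples: 32473 is the IANA documentation enterprise number,
# 00:00:5e:00:53:01 is a documentation MAC address, hardware type 1 is Ethernet.
MAC = bytes.fromhex("00005e005301")
SAMPLE_EN = struct.pack("!HI", DUID_EN, 32473) + b"\x0a\x0b\x0c\x0d"
SAMPLE_LL = struct.pack("!HH", DUID_LL, 1) + MAC
SAMPLE_LLT = struct.pack("!HHI", DUID_LLT, 1, 700000000) + MAC

if __name__ == "__main__":
    for sample in (SAMPLE_EN, SAMPLE_LL, SAMPLE_LLT):
        print(parse_duid(sample))
```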
To configure the router to use the DUID-LL type:
Specify the type.
[edit system services dhcp-local-server dhcpv6]
user@host# set server-duid-type duid-ll
Remove this configuration to return to supporting the DUID-EN type.
Example: Extended DHCPv6 Local Server Configuration
This example shows a sample extended DHCPv6 local server configuration. The second part of the example shows a sample RADIUS authentication configuration—authentication must be configured for DHCPv6 local server operations.
[edit system services]
dhcp-local-server {
    dhcpv6 {
        authentication {
            password $ABC123;
            username-include {
                user-prefix wallybrown;
                domain-name example.com;
            }
        }
        group group_two {
            authentication {
                password $ABC123$ABC123;
                username-include {
                    user-prefix south5;
                    domain-name example.com;
                }
            }
            interface ge-1/0/3.0;
        }
    }
}
The following is a sample RADIUS authentication configuration.
[edit access]
radius-server {
    192.168.1.250 {
        port 1812;
        secret $ABC123;
    }
}
profile isp-bos-metro-fiber-basic {
    accounting-order radius;
    authentication-order radius;
    radius {
        authentication-server 192.168.1.250;
        accounting-server 192.168.1.250;
    }
    accounting {
        order radius;
        accounting-stop-on-failure;
        accounting-stop-on-access-deny;
        update-interval 10;
        statistics time;
    }
}