Port 546 carries DHCPv6 client traffic. Every time a device with IPv6 joins a network and doesn't already know its address, it listens on this port for the server's response.
The Paradox
You need an address to speak on a network. But to get an address, you need to speak. This is the chicken-and-egg problem that DHCP solves, and DHCPv6 is the IPv6 version of that solution.1
A device joining an IPv6 network sends out a message: "I need an address." It listens on port 546 for the DHCPv6 server's response on port 547. The server tells it: "Here's your IPv6 address, here's your default gateway, here's your DNS server."
The device now has an identity on the network. It can communicate.
How DHCPv6 Works
DHCPv6 is the successor to DHCP (which uses ports 67 and 68 for IPv4). When IPv6 was created to solve the address exhaustion problem of IPv4's 32-bit address space, the DHCP protocol had to be redesigned for 128-bit addresses.2
The DHCPv6 process:
- Solicit — Client broadcasts "I need configuration" (listening on port 546)
- Advertise — Server responds "I can help you" (from port 547)
- Request — Client asks for specific configuration
- Reply — Server provides the IPv6 address and other network parameters
Unlike IPv4 DHCP, DHCPv6 can operate in stateful mode (server assigns addresses) or stateless mode (server provides configuration but addresses come from SLAAC—Stateless Address Autoconfiguration).
The History
DHCPv6 was first defined in RFC 3315 in 2003, specifying that clients listen on UDP port 546 while servers and relay agents listen on UDP port 547.3
The protocol was updated in RFC 8415 (2018), which incorporated several extensions including prefix delegation, stateless DHCPv6, and client throttling mechanisms. The port assignments remained unchanged.4
The separation between client port (546) and server port (547) mirrors the IPv4 DHCP design (ports 68 and 67), but the protocol itself was rebuilt from scratch for the IPv6 world.
Why Two Ports?
DHCPv6 uses separate ports for clients (546) and servers (547) to allow both to listen simultaneously on the same machine. A device can be a DHCPv6 client on one interface and a DHCPv6 relay agent on another. The port separation makes this possible.
This also allows firewalls to create precise rules: allow outbound client requests (destination port 547) but block inbound server traffic (destination port 546) unless the device is supposed to receive DHCPv6 responses.
Security Considerations
Port 546 represents a trust boundary. A device listening on this port will accept network configuration from DHCPv6 servers. A rogue DHCPv6 server on the network could:
- Assign incorrect addresses, breaking connectivity
- Provide a malicious DNS server, redirecting traffic
- Set a rogue default gateway, intercepting all traffic
DHCPv6 Guard is a security feature on managed switches that prevents unauthorized DHCPv6 servers from responding to clients. Only designated ports are allowed to send DHCPv6 server messages.
Firewall rules should restrict DHCPv6 server traffic (port 547) to only trusted servers. Client traffic (port 546) should only accept responses to requests that were actually sent.
Stateful vs. Stateless
DHCPv6 can operate in two modes:
Stateful DHCPv6 — Server assigns and tracks IPv6 addresses (similar to IPv4 DHCP)
Stateless DHCPv6 — Devices generate their own addresses using SLAAC, but DHCPv6 provides other configuration (DNS servers, domain names)
Many IPv6 networks use SLAAC for address assignment and stateless DHCPv6 for everything else. Port 546 carries both types of traffic.
Related Ports
- Port 547 — DHCPv6 Server and Relay Agent (the other half of the DHCPv6 conversation)
- Port 67 — DHCP Server (IPv4 version)
- Port 68 — DHCP Client (IPv4 version)
Checking What's Listening
To see if DHCPv6 client services are listening on port 546:
On Linux/macOS:
On Windows:
Most systems run a DHCPv6 client by default on IPv6-enabled interfaces. You'll typically see dhclient, dhcpcd, or the system's built-in IPv6 configuration daemon listening on this port.
The IPv6 Migration
Port 546 exists because the Internet outgrew IPv4. The 4.3 billion addresses in IPv4's 32-bit space weren't enough for a world where every phone, tablet, car, and appliance needs an address.
IPv6 provides 340 undecillion addresses (2^128). DHCPv6 is one of the ways devices get their slice of that vast space.
The protocol is different enough from IPv4 DHCP that it needed its own ports, its own RFCs, its own way of thinking about address assignment. Port 546 is where that new world begins—where devices ask who they are in an Internet big enough for everyone.
Esta página foi útil?