5.2.c Implement and troubleshoot IPv6 first hop security

5.2.c [ii] DHCP guard

The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents. Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role. DHCP server messages are only processed further if the device role is set to server. Further processing of server messages includes DHCP server advertisements (for source validation and server preference) and DHCP server replies (for permitted prefixes).

If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 5357-5362).  . Kindle Edition.

http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/15-2s/ip6-dhcpv6-guard.html#topichead2