Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
STEP 3
STEP 4
STEP 5
Cisco 500 Series Stackable Managed Switch Administration Guide
•
Device Role—Displays the device role that is explained below.
•
Drop Unsecure—Select to enable dropping messages with no CGA or
RSA Signature option within an IPv6 ND Inspection policy.
•
Minimal Security Level—If unsecure messages are not dropped, select
the security level below which messages are not forwarded.
-
No Verification—Disables verification of the security level.
-
User Defined—Specify the security level of the message to be
forwarded.
•
Validate Source MAC—Specify whether to globally enable checking
source MAC address against the link-layer address:
-
Inherited—Inherit value from VLAN or system default (disabled).
-
Enable—Enable checking source MAC address against the link-layer
address.
-
Disable—Disable checking source MAC address against the link-layer
address.
If required, click Add to create an ND Inspection policy.
Enter the following fields:
•
Policy Name—Enter a user-defined policy name.
•
Device Role—Select either Server or Client to specify the role of the device
attached to the port for ND Inspection.
-
Inherited—Role of device is inherited from either the VLAN or system
default (client).
-
Host—Role of device is host.
-
Router—Role of device is router.
•
Drop Unsecure—See above.
•
Minimal Security Level—See above.
•
Validate Source MAC—See above.
Click Apply to add the settings to the Running Configuration file.
23
534