Dhcpv6 Guard; Neighbor Binding Integrity - Cisco 350 Series Administration Manual
Managed switches
Hide thumbs
Also See for 350 Series:
- Hardware installation manual (96 pages) ,
- Quick start manual (61 pages) ,
- Manual (10 pages)
Table of Contents
Advertisement
Security: IPv6 First Hop Security
DHCPv6 Guard
DHCPv6 Guard
Neighbor Binding Integrity
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Message Validation
ND Inspection validates the Neighbor Discovery protocol messages, based on an ND
Inspection policy attached to the interface. This policy can be defined in the
Settings
page.
If a message does not pass the verification defined in the policy, it is dropped and a rate limited
SYSLOG message is sent.
Egress Filtering
ND Inspection blocks forwarding of RS and CPS messages on interfaces configured as host
interfaces.
DHCPv6 Guard treats the trapped DHCPv6 messages. DHCPv6 Guard supports the following
functions:
•
Filtering of received DHCPv6 messages.
DHCP Guard discards DHCPv6 reply messages received on interfaces whose role is
client. The interface role is configured in the
•
Validation of received DHCPv6 messages.
DHCPv6 Guard validates DHCPv6 messages that match the filtering based on the
DHCPv6 Guard policy attached to the interface.
If a message does not pass verification, it is dropped. If the logging packet drop configuration
on the FHS common component is enabled, a rate limited SYSLOG message is sent.
Neighbor Binding (NB) Integrity establishes binding of neighbors.
A separate, independent instance of NB Integrity runs on each VLAN on which the feature is
enabled.
DHCPv6 Guard Settings
26
ND Inspection
page.
446
Hide quick links:
Advertisement
Table of Contents
