Dhcpv6 Guard - Cisco 500 Series Administration Manual
Stackable managed
Hide thumbs
Also See for 500 Series:
- Configuration manual (1140 pages) ,
- Administration manual (485 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
23
DHCPv6 Guard
517
•
Validation of received Neighbor Discovery protocol messages.
•
Egress filtering
Message Validation
ND Inspection validates the Neighbor Discovery protocol messages, based on an
ND Inspection policy attached to the interface. This policy can be defined in the
ND Inspection Settings page.
If a message does not pass the verification defined in the policy, it is dropped and
a rate limited SYSLOG message is sent.
Egress Filtering
ND Inspection blocks forwarding of RS and CPS messages on interfaces
configured as host interfaces.
DHCPv6 Guard treats the trapped DHCPv6 messages. DHCPv6 Guard supports
the following functions:
•
Filtering of received DHCPv6 messages.
DHCP Guard discards DHCPv6 reply messages received on interfaces
whose role is client. The interface role is configured in the DHCP Guard
Settings page.
•
Validation of received DHCPv6 messages.
DHCPv6 Guard validates DHCPv6 messages that match the filtering based
on the DHCPv6 Guard policy attached to the interface.
If a message does not pass verification, it is dropped. If the logging packet drop
configuration on the FHS common component is enabled, a rate limited SYSLOG
message is sent.
Security: IPv6 First Hop Security
Cisco 500 Series Stackable Managed Switch Administration Guide
DHCPv6 Guard
Hide quick links:
Advertisement
Table of Contents
