25
539
Name
NA message
NDP
NS message
RA message
RS message
SAVI
IPv6 First Hop Security Components
IPv6 First Hop Security includes the following features:
•
IPv6 First Hop Security Common
•
RA Guard
•
ND Inspection
•
Neighbor Binding Integrity
•
DHCPv6 Guard
•
IPv6 Source Guard
These components can be enabled or disabled on VLANs.
There are two empty, pre-defined policies per each feature with the following names:
vlan_default and port_default. The first one is attached to each VLAN that is not attached to a
user-defined policy and the second one is connected to each interface and VLAN that is not
attached to a user-defined policy. These policies cannot be attached explicitly by the user. See
Policies, Global Parameters and System
IPv6 First Hop Security Pipe
If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages:
•
Router Advertisement (RA) messages
•
Router Solicitation (RS) messages
•
Neighbor Advertisement (NA) messages
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
Description
Neighbor Advertisement message
Neighbor Discovery Protocol
Neighbor Solicitation message
Router Advertisement message
Router Solicitation message
Source Address Validation Improvement
Defaults.
Security: IPv6 First Hop Security
IPv6 First Hop Security Overview