Device-Role (Nd Inspection Policy) - Cisco 300 Series Cli Manual
Stackable managed switches
Hide thumbs
Also See for 300 Series:
- Cli manual (899 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
25
493
Command Mode
Neighbor Binding Policy Configuration mode.
User Guidelines
If this command is part of a policy attached to a VLAN, it is applied to all the ports
in the VLAN. If it is defined in a policy attached to a port in the VLAN, this value
overrides the value in the policy attached to the VLAN.
NB Integrity supports the perimetrical model (see RFC 6620).
This model specifies two types of ports:
•
Perimeter Port—Specifies ports connected to devices not supporting NB
Integrity. NB Integrity establishes binding for neighbors connected to these
ports. Source Guard does not function on these ports.
•
Internal Port—The second type specifies ports connected to devices
supporting IPv6 First Hop Security. NB Integrity does not establish binding
for neighbors connected to these ports, but it does propagate the bindings
established on perimeter ports.
A dynamic IPv6 address bound to a port is deleted when its role is changed from
perimetrical to internal. A static IPv6 address is kept.
Example
The following example defines a Neighbor Binding policy named policy 1 and
configures the port role as an internal port:
switchxxxxxx(config)#
switchxxxxxx(config-nbr-binding)#
switchxxxxxx(config-nbr-binding)#
25.9 device-role (ND Inspection Policy)
To specify the role of the device attached to the port within an IPv6 ND Inspection
policy, use the device-role command in ND Inspection Policy Configuration mode.
To disable this function, use the no form of this command.
Syntax
device-role {host | router}
ipv6 neighbor binding policy policy1
device-role internal
exit
OL-32830-01 Command Line Interface Reference Guide
IPv6 First Hop Security
Advertisement
Table of Contents
