Table of Contents
Advertisement
Edge VLAN Mode
Trust ARP Response
Trust DHCP Responses
IPv6 Firewall
DHCPv6 Trust
RA Guard
7. Select
Add
to define a new Bridge VLAN configuration,
or
Delete
to remove a VLAN configuration.
Defines whether the VLAN is currently in edge VLAN mode. An edge VLAN is the VLAN
where hosts are connected. For example, if VLAN 10 is defined with wireless clients
and VLAN 20 is where the default gateway resides, VLAN 10 should be marked as an
edge VLAN and VLAN 20 shouldn't be marked as an edge VLAN. When defining a VLAN
as edge VLAN, the firewall enforces additional checks on hosts in that VLAN. For
example, a host cannot move from an edge VLAN to another VLAN and still keep
firewall flows active.
When ARP trust is enabled, a green check mark displays. When disabled, a red "X"
displays. Trusted ARP packets are used to update the IP-MAC Table to prevent IP spoof
and arp-cache poisoning attacks.
When DHCP trust is enabled, a green check mark displays. When disabled, a red "X"
displays. When enabled, DHCP packets from a DHCP server are considered trusted and
permissible within the network. DHCP packets are used to update the DHCP Snoop
Table to prevent IP spoof attacks.
Lists whether IPv6 is enabled on this Bridge VLAN. A green checkmark defines this
setting as enabled. A red X defines this setting as disabled. IPV6 provides enhanced
identification and location information for computers on networks routing traffic across
the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits
separated by colons. IPv6 hosts can configure themselves automatically when
connected to an IPv6 network using the neighbor discovery protocol via ICMPv6 router
discovery messages. When first connected to a network, a host sends a link-local router
solicitation multicast request for its configuration parameters; routers respond to such
a request with a router advertisement packet that contains Internet Layer configuration
parameters.
Lists whether DHCPv6 responses are trusted on this Bridge VLAN. A green checkmark
defines this setting as enabled. A red X defines this setting as disabled. If enabled, only
DHCPv6 responses are trusted and forwarded over the Bridge VLAN.
Lists whether router advertisements (RA) are allowed on this Bridge VLAN. A green
checkmark defines this setting as enabled. A red X defines this setting as disabled. RAs
are periodically sent to hosts or sent in response to solicitation requests. The
advertisement includes IPv6 prefixes and other subnet and host information.
Edit
to modify or override an existing Bridge VLAN configuration
5 - 309
Hide quick links:
Advertisement
Table of Contents
