Router Advertisement Guard; Neighbor Discovery Inspection - Cisco 350XG series Administration Manual

10g stackable managed switches

Security: IPv6 First Hop Security

Router Advertisement Guard

Neighbor Discovery Inspection

Cisco 350XG & 550XG Series 10G Stackable Managed Switches
The device-role command in the Neighbor Binding policy configuration screen
specifies the perimeter.

Each IPv6 First Hop Security switch establishes binding for neighbors partitioned
by the edge. In this way, binding entries are distributed on IPv6 First Hop Security
devices forming the perimeter. The IPv6 First Hop Security devices can then
provide binding integrity to the inside of the perimeter, without setting up bindings
for all the addresses on each device.

Router Advertisement (RA) Guard is the first FHS feature that treats trapped RA
messages. RA Guard supports the following functions:
- Filtering of received RA, CPA, and ICMPv6 redirect messages.
- Validation of received RA messages.

Filtering of Received RA, CPA, and ICMPv6 Redirect Messages

RA Guard discards RA and CPA messages received on interfaces whose role is
not router. The interface role is configured in the RA Guard Settings page.

Validation of RA Messages

RA Guard validates RA messages using filtering based on the RA Guard policy
attached to the interface. These policies can be configured in the RA Guard
Settings page.

If a message does not pass verification, it is dropped. If the logging packet drop
configuration on the FHS common component is enabled, a rate-limited SYSLOG
message is sent.

Neighbor Discovery (ND) Inspection supports the following functions:
- Validation of received Neighbor Discovery protocol messages.
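
The RA Guard behaviour described above (role-based filtering, policy validation of RAs, and a rate-limited drop log) can be modeled as follows. This is an added example, not code from the manual or the switch firmware. Assumptions: the names `Policy`, `RAGuard` and `build_ra`, the hop-limit and M-flag policy checks, the 5-second log interval, and treating redirects like RA and CPA on non-router interfaces are all illustrative; the ICMPv6 type numbers come from RFC 4861 and RFC 3971.

```python
import struct
from dataclasses import dataclass, field

RA, REDIRECT, CPA = 134, 137, 149  # ICMPv6 types (RFC 4861, RFC 3971)

@dataclass
class Policy:
    """Hypothetical per-interface policy; field names are not the switch's."""
    device_role: str = "host"      # "host" or "router"
    hop_limit_min: int = 0         # assumed check on the RA Cur Hop Limit
    hop_limit_max: int = 255
    managed_flag: object = None    # None = not checked, else required M flag

@dataclass
class RAGuard:
    log_drops: bool = True         # models the "logging packet drop" setting
    log_interval: float = 5.0      # assumed rate limit, seconds per message
    logs: list = field(default_factory=list)
    _last_log: float = float("-inf")

    def _drop(self, now, reason):
        if self.log_drops and now - self._last_log >= self.log_interval:
            self.logs.append(reason)   # stands in for the SYSLOG message
            self._last_log = now
        return "drop"

    def inspect(self, icmp6: bytes, policy: Policy, now: float) -> str:
        if not icmp6 or icmp6[0] not in (RA, REDIRECT, CPA):
            return "forward"           # not a message RA Guard treats
        msg_type = icmp6[0]
        if policy.device_role != "router":
            return self._drop(now, f"type {msg_type} on non-router interface")
        if msg_type != RA:
            return "forward"           # only RAs are validated further
        if len(icmp6) < 16:
            return self._drop(now, "truncated RA")
        hop_limit, flags = struct.unpack_from("!BB", icmp6, 4)
        if not policy.hop_limit_min <= hop_limit <= policy.hop_limit_max:
            return self._drop(now, f"hop limit {hop_limit} outside policy")
        managed = bool(flags & 0x80)   # M flag is the top bit of the flags byte
        if policy.managed_flag is not None and managed != policy.managed_flag:
            return self._drop(now, "M flag mismatch")
        return "forward"

def build_ra(hop_limit: int, managed: bool = False) -> bytes:
    """Constructed sample RA (checksum zeroed, no options), for illustration."""
    flags = 0x80 if managed else 0
    return struct.pack("!BBHBBHII", RA, 0, 0, hop_limit, flags, 1800, 0, 0)
```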

This manual is also suitable for:

550xg series
