Related Topics
Information about First Hop Security in IPv6, on page 678
How to Configure IPv6 Source Guard
SUMMARY STEPS
1. enable
2. configure terminal
3. [no] ipv6 source-guard policy policy_name
4. [deny global-autoconf] [permit link-local] [default{. . . }] [exit] [no{. . . }]
5. end
6. show ipv6 source-guard policy policy_name
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Switch> enable
Step 2
configure terminal
Example:
Switch# configure terminal
Step 3
[no] ipv6 source-guard policy policy_name
Example:
Switch(config)#
example_policy
Step 4
[deny global-autoconf] [permit link-local]
[default{. . . }] [exit] [no{. . . }]
Example:
Switch(config-sisf-sourceguard)#
global-autoconf
ipv6 source-guard policy
deny
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Purpose
Enables privileged EXEC mode. Enter your password if prompted.
Enters the global configuration mode.
Specifies the IPv6 Source Guard policy name and enters IPv6
Source Guard policy configuration mode.
(Optional) Defines the IPv6 Source Guard policy.
• deny global-autoconf—Denies data traffic from
auto-configured global addresses. This is useful when all
global addresses on a link are DHCP-assigned and the
administrator wants to block hosts with self-configured
addresses to send traffic.
• permit link-local—Allows all data traffic that is sourced by
a link-local address.
Trusted option under source guard policy is not
Note
supported.
How to Configure IPv6 Source Guard
705