Neighbor Binding Integrity - Cisco 500 Series Administration Manual


Security: IPv6 First Hop Security

Neighbor Binding Integrity

Cisco 500 Series Stackable Managed Switch Administration Guide
Neighbor Binding (NB) Integrity establishes binding of neighbors.
A separate, independent instance of NB Integrity runs on each VLAN on which the
feature is enabled.
Learning Advertised IPv6 Prefixes
NB Integrity learns IPv6 prefixes advertised in RA messages and saves them in the
Neighbor Prefix table. The prefixes are used for verification of assigned global
IPv6 addresses.
By default, this validation is disabled. When it is enabled, addresses are validated
against the prefixes in the Neighbor Binding Settings page.
Static prefixes used for the address validation can be added in the Neighbor
Prefix Table page.
Validation of Global IPv6 Addresses
NB Integrity performs the following validations:
- If the target address in an NS or NA message is a global IPv6 address, it
  must belong to one of the prefixes defined in the RA Prefix table.
- A global IPv6 address provided by a DHCPv6 server must belong to one of
  the prefixes defined in the IPv6 Prefix List (in IP Configuration > IPv6 Prefix
  List page).
If a message does not pass this verification, it is dropped and a rate-limited
SYSLOG message is sent.
Neighbor Binding Table Overflow
When there is no free space to create a new entry, no entry is created and a
SYSLOG message is sent.
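
The checks described in this section, sketched as a simplified Python model. This is an added example, not Cisco's implementation: the class and method names, the 2000::/3 test for "global", the 5-second log interval and the sample addresses are assumptions, and only the NS/NA target-address check is modelled.

```python
import ipaddress
import time

# Assumption: "global" is approximated as the global unicast range 2000::/3.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

class NBIntegrityModel:
    """Hypothetical per-VLAN model of the NS/NA target checks (not Cisco code)."""

    def __init__(self, max_bindings, validate_prefixes=False,
                 log_interval=5.0, clock=time.monotonic):
        self.prefixes = set()    # Neighbor Prefix table: RA-learned or static
        self.bindings = {}       # Neighbor Binding table: address -> (mac, port)
        self.max_bindings = max_bindings
        self.validate_prefixes = validate_prefixes  # disabled by default
        self.log_interval = log_interval            # assumed rate limit, seconds
        self.clock = clock
        self.syslog = []         # stand-in for SYSLOG output
        self._last_drop_log = None

    def add_prefix(self, prefix):
        """Record a prefix learned from an RA or configured statically."""
        self.prefixes.add(ipaddress.ip_network(prefix))

    def _log_drop(self, addr):
        # Rate limit: at most one drop message per log_interval.
        now = self.clock()
        if self._last_drop_log is None or now - self._last_drop_log >= self.log_interval:
            self.syslog.append(f"NS/NA dropped: target {addr} matches no known prefix")
            self._last_drop_log = now

    def handle_target(self, target, mac, port):
        """Process the target address of an NS or NA message."""
        addr = ipaddress.ip_address(target)
        # Only global addresses are checked; link-local targets skip this step.
        if self.validate_prefixes and addr in GLOBAL_UNICAST:
            if not any(addr in p for p in self.prefixes):
                self._log_drop(addr)
                return "dropped"
        if addr not in self.bindings and len(self.bindings) >= self.max_bindings:
            self.syslog.append("Neighbor Binding table full: no entry created")
            return "overflow"
        # Conflicts on an already-bound address are not modelled; keep the entry.
        self.bindings.setdefault(addr, (mac, port))
        return "bound"
```

Because a full table means no new entry and repeated drops are collapsed by the rate limit, the SYSLOG messages are the signal to monitor for table exhaustion or a host using addresses outside the advertised prefixes.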