Cisco 500 Series Administration Manual page 526

Security: IPv6 First Hop Security
Policies, Global Parameters and System Defaults
Cisco 500 Series Stackable Managed Switch Administration Guide
Features must initially be enabled on specific VLANs. When you enable the
feature, you can also define global configuration values for that feature's rules of
verification. If you do not define a policy that contain different values for these
verification rules, the global values are used to apply the feature to packets.
Policies
Policies contain the rules of verification that are performed on input packets. They
can be attached to VLANs and also to ports and LAGs. If the feature is not enabled
on a VLAN, the policies have no effect.
Policies can be user-defined or default policies (see below).
Default Policies
Empty default polices exist for each FHS feature and are by default attached to all
VLANs and interfaces. The default policies are named: "vlan_default" and
"port_default" (for each feature):
• Rules can be added to these default policies. You cannot manually attach
default policies to interfaces. They are attached by default.
• Default policies can never be deleted. You can only delete the user-added
configuration.
User-Defined Policies
You can define policies other than the default policies.
When a user-defined policy is attached to an interface, the default policy for that
interface is detached. If the user-define policy is detached from the interface, the
default policy is reattached.
Policies do not take effect until:
• The feature in the policy is enabled on the VLAN containing the interface
• The policy is attached to the interface (VLAN, port or LAG).
When you attach a policy, the default policy for that interface is detached. When
you remove the policy from the interface, the default policy is reattached.
You can only attach 1 policy (for a specific feature) to a VLAN.
You can attach multiple policies (for a specific feature) to an interface if they
specify different VLANs.
23
524