Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
STEP 3
STEP 4
Cisco 500 Series Stackable Managed Switch Administration Guide
•
Device Role—Displays the device role. See definition in the Add page.
•
Minimal Preference—This field indicates whether the DHCPv6 Guard
policy will check the minimum advertised preference value of the packet
received.
-
Inherited—Minimal preference is inherited from either the VLAN or
system default (client).
-
No Verification—Disables verification of the minimum advertised
preference value of the packet received.
-
User Defined—Verifies that the advertised preference value is greater
than or equal to this value. This value must be less than the Maximal
Preference value.
•
Maximal Preference—This field indicates whether the DHCPv6 Guard
policy will check the maximum advertised preference value of the packet
received. This value must be greater than the Minimal Preference value.
-
Inherited—Maximal preference is inherited from either the VLAN or
system default (client).
-
No Verification—Disables verification of the lower boundary of the hop
count limit.
-
User Defined—Verifies that the advertised preference value is less than
or equal to this value.
If required, click Add to create a DHCPv6 policy.
Enter the following fields:
•
Policy Name—Enter a user-defined policy name.
•
Device Role—Select either Server or Client to specify the role of the device
attached to the port for DHCPv6 Guard.
-
Inherited—Role of device is inherited from either the VLAN or system
default (client).
-
Client—Role of device is client.
-
Server—Role of device is server.
•
Match Reply Prefixes—Select to enable verification of the advertised
prefixes in received DHCP reply messages within a DHCPv6 Guard policy.
-
Inherited—Value is inherited from either the VLAN or system default (no
verification).
23
532