Cisco 500 Series Administration Manual page 534

Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
STEP 3
STEP 4
Cisco 500 Series Stackable Managed Switch Administration Guide
• Device Role—Displays the device role. See definition in the Add page.
• Minimal Preference—This field indicates whether the DHCPv6 Guard
policy will check the minimum advertised preference value of the packet
received.
- Inherited—Minimal preference is inherited from either the VLAN or
system default (client).
- No Verification—Disables verification of the minimum advertised
preference value of the packet received.
- User Defined—Verifies that the advertised preference value is greater
than or equal to this value. This value must be less than the Maximal
Preference value.
• Maximal Preference—This field indicates whether the DHCPv6 Guard
policy will check the maximum advertised preference value of the packet
received. This value must be greater than the Minimal Preference value.
- Inherited—Maximal preference is inherited from either the VLAN or
system default (client).
- No Verification—Disables verification of the lower boundary of the hop
count limit.
- User Defined—Verifies that the advertised preference value is less than
or equal to this value.
If required, click Add to create a DHCPv6 policy.
Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select either Server or Client to specify the role of the device
attached to the port for DHCPv6 Guard.
- Inherited—Role of device is inherited from either the VLAN or system
default (client).
- Client—Role of device is client.
- Server—Role of device is server.
• Match Reply Prefixes—Select to enable verification of the advertised
prefixes in received DHCP reply messages within a DHCPv6 Guard policy.
- Inherited—Value is inherited from either the VLAN or system default (no
verification).
23
532