Cisco 300 Series Administration Manual page 451
Managed switch
Hide thumbs
Also See for 300 Series:
- Cli manual (1117 pages) ,
- Quick start manual (72 pages) ,
- Datasheet (14 pages)
Table of Contents
Advertisement
Security: IPV6 First Hop Security
First Hop Security Overview
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
•
Neighbor Solicitation (NS) messages
•
ICMPv6 Redirect messages
•
Certification Path Advertisement (CPA) messages
•
Certification Path Solicitation (CPS) messages
•
DHCPv6 messages
Trapped RA, CPA, and ICMPv6 Redirect messages are passed to the RA Guard
feature. RA Guard validates these messages, drops illegal message, and legal
messages passes to the ND Inspection feature.
ND Inspection validates these messages and drops illegal message, and legal
messages passes to the IPv6 Source Guard feature.
Trapped DHCPv6 messages are passed to the DHCPv6 Guard feature. DHCPv6
Guard validates these messages, drops illegal message, and legal messages
passes to the IPv6 Source Guard feature.
Trapped data messages are passed to the IPv6 Source Guard feature. IPv6
Source Guard validates received messages (trapped data messages, NDP
messages from ND Inspection, and DHCPv6 messages from DHCPv6 Guard)
using the Neighbor Binding Table, drops illegal messages, and passes legal
messages to forwarding.
Neighbor Binding Integrity learns neighbors from the received messages (NDP
and DHCPv6 messages) and stores them in the Neighbor Binding table.
Additionally, static entries can be added manually. After learning the addresses,
the NBI feature passes the frames for forwarding.
Trapped RS,CPS NS and NA messages are also passed to the ND Inspection
feature. ND Inspection validates these messages, drops illegal messages, and
passes legal messages to the IPv6 Source Guard feature.
20
413
Advertisement
Table of Contents
