Security: IPv6 First Hop Security
IPv6 First Hop Security Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Name
NA message
NDP
NS message
RA message
RS message
SAVI
IPv6 First Hop Security Components
IPv6 First Hop Security includes the following features:
•
IPv6 First Hop Security Common
•
RA Guard
•
ND Inspection
•
Neighbor Binding Integrity
•
DHCPv6 Guard
•
IPv6 Source Guard
These components can be enabled or disabled on VLANs.
There are two empty, pre-defined policies per each feature with the following names:
vlan_default and port_default. The first one is attached to each VLAN that is not attached to a
user-defined policy and the second one is connected to each interface and VLAN that is not
attached to a user-defined policy. These policies cannot be attached explicitly by the user. See
Policies, Global Parameters and System
IPv6 First Hop Security Pipe
If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages:
•
Router Advertisement (RA) messages
•
Router Solicitation (RS) messages
•
Neighbor Advertisement (NA) messages
Description
Neighbor Advertisement message
Neighbor Discovery Protocol
Neighbor Solicitation message
Router Advertisement message
Router Solicitation message
Source Address Validation Improvement
Defaults.
26
442