Cisco 350 Series Administration Manual page 604

26
STEP 2
STEP 3
STEP 4
STEP 5
463
Enter the following global configuration fields:
• ND Inspection VLAN List—Enter one or more VLANs on which ND Inspection is
enabled.
• Device Role—Displays the device role that is explained below.
• Drop Unsecure—Select to enable dropping messages with no CGA or RSA Signature
option within an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select the security
level below which messages are not forwarded.
- No Verification—Disables verification of the security level.
- User Defined—Specify the security level of the message to be forwarded.
• Validate Source MAC—Select to globally enable checking source MAC address
against the link-layer address.
Click Apply to add the settings to the Running Configuration file.
If required, click Add to create an ND Inspection policy.
Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select one of the following to specify the role of the device attached to
the port for ND Inspection.
- Inherited—Role of device is inherited from either the VLAN or system default
(client).
- Host—Role of device is host.
- Router—Role of device is router.
• Drop Unsecure—Select one of following options:
- Inherited—Inherit value from VLAN or system default (disabled).
- Enable—Enable dropping messages with no CGA or RSA Signature option within
an IPv6 ND Inspection policy.
- Disable—Disable dropping messages with no CGA or RSA Signature option within
an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select the security
level below which messages are not forwarded.
Configuring IPv6 First Hop Security through Web GUI
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Security: IPv6 First Hop Security