Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
• Neighbor Binding Logging—Select to enable logging of Neighbor Binding table main events.
• Address Prefix Validation—Select to enable IPv6 Source Guard validation of addresses.
Global Address Binding Configuration:
• Binding from NDP Messages—To change the global configuration of allowed configuration methods of global IPv6 addresses within an IPv6 Neighbor Binding policy, select one of the following options:
  - Any—Any configuration methods (stateless and manual) are allowed for global IPv6 bound from NDP messages.
  - Stateless—Only stateless auto configuration is allowed for global IPv6 bound from NDP messages.
  - Disable—Binding from NDP messages is disabled.
• Binding from DHCPv6 Messages—Binding from DHCPv6 is allowed.
Neighbor Binding Entry Limits—Specify the maximum number of Neighbor Binding entries per type of interface or address:
• Entries Per VLAN—Specifies the neighbor binding limit per VLAN. Select either No Limit or enter a User Defined value.
• Entries Per Interface—Specifies the neighbor binding limit per interface. Select either No Limit or enter a User Defined value.
• Entries Per MAC Address—Specifies the neighbor binding limit per MAC address. Select either No Limit or enter a User Defined value.
STEP 3 If required, click Add to create a Neighbor Binding policy.
STEP 4 Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select one of the following options to specify the role of the device attached to the port for the Neighbor Binding policy.
  - Inherited—Role of device is inherited from either the VLAN or system default (client).
  - Perimeter—Port is connected to devices not supporting IPv6 First Hop Security.
  - Internal—Port is connected to devices supporting IPv6 First Hop Security.
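The Global Address Binding Configuration options and the three Neighbor Binding Entry Limits described above can be modeled as admission checks on new binding entries. The following Python model is an added example, not Cisco code or the switch's implementation: the class and function names, the refusal reason strings, the order of the checks, and the assumption that a new entry is refused once any configured limit is reached are illustrative, and the sample events are constructed.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:                          # hypothetical model of the GUI fields
    ndp: str = "any"                   # Binding from NDP: "any", "stateless", "disable"
    dhcpv6: bool = True                # Binding from DHCPv6 Messages
    per_vlan: Optional[int] = None     # None models "No Limit"
    per_interface: Optional[int] = None
    per_mac: Optional[int] = None

class BindingTable:
    def __init__(self, policy):
        self.policy = policy
        self.entries = set()
        self.counts = {"vlan": Counter(), "interface": Counter(), "mac": Counter()}

    def learn(self, vlan, port, mac, addr, origin, method="stateless"):
        """Return "bound" or the reason the entry was refused."""
        p, ip = self.policy, ipaddress.IPv6Address(addr)
        if not ip.is_link_local:       # method options cover global addresses
            if origin == "dhcpv6" and not p.dhcpv6:
                return "dhcpv6-binding-disabled"
            if origin == "ndp" and p.ndp == "disable":
                return "ndp-binding-disabled"
            if origin == "ndp" and p.ndp == "stateless" and method != "stateless":
                return "ndp-method-not-allowed"
        if (vlan, ip) in self.entries:
            return "bound"             # refresh of an existing entry
        keys = {"vlan": vlan, "interface": port, "mac": mac}
        limits = {"vlan": p.per_vlan, "interface": p.per_interface, "mac": p.per_mac}
        for scope, key in keys.items():
            if limits[scope] is not None and self.counts[scope][key] >= limits[scope]:
                return f"per-{scope}-limit"
        self.entries.add((vlan, ip))
        for scope, key in keys.items():
            self.counts[scope][key] += 1
        return "bound"

def replay(policy, events):
    table = BindingTable(policy)
    return [table.learn(*event) for event in events]

# Constructed events: (vlan, port, mac, address, origin, method)
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
SAMPLE = [(10, "gi1", A, "2001:db8::1", "ndp", "stateless"),
          (10, "gi1", A, "2001:db8::2", "ndp", "stateless"),
          (10, "gi1", A, "2001:db8::3", "ndp", "stateless"),
          (10, "gi1", B, "2001:db8::4", "ndp", "manual"),
          (10, "gi1", B, "2001:db8::5", "dhcpv6", "dhcpv6"),
          (10, "gi1", C, "2001:db8::6", "ndp", "stateless")]
```

Replaying `SAMPLE` against the default `Policy()` (Any, No Limit everywhere) binds every entry, while a policy with Stateless and user-defined limits refuses the third address from one MAC, the manually configured address, and the entry that exceeds the per-interface limit.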