Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
STEP 5
STEP 1
STEP 2
STEP 3
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
If required, click either Attach Policy to VLAN or Attach Policy to Interface.
Neighbor Binding Settings
The Neighbor Binding table is a database table of IPv6 neighbors connected to a
device is created from information sources, such as Neighbor Discovery Protocol
(NDP) snooping. This database, or binding, table is used by various IPv6 guard
features to prevent spoofing and redirect attacks.
Use the Neighbor Binding Settings page to enable the Neighbor Binding feature on
a specified group of VLANs and to set the global configuration values for this
feature. If required, a policy can be added or the system-defined default Neighbor
Binding policies can be configured in this page.
To configure Neighbor Binding on ports or LAGs:
Click Security > First Hop Security > Neighbor Binding Settings.
Enter the following global configuration fields:
•
Neighbor Binding VLAN List—Enter one or more VLANs on which
Neighbor Binding is enabled.
•
Manual Neighbor Binding—Select to indicate that entries can be added to
the Neighbor Binding table manually.
•
Neighbor Binding Lifetime—Enter the length of time that addresses
remain in the Neighbor Bindings table.
•
Neighbor Binding Logging—This field indicates whether to enable
validation of a bound IPv6 address against the Neighbor Prefix table and
logging of Binding table main events.
•
Neighbor Binding Entry Limits—Specify the maximum number of
Neighbor Binding entries per type of interface or address:
-
Entries Per VLAN:—Specifies the neighbor binding limit per number of
VLANs.
-
Entries Per Interface:—Specifies the neighbor binding limit per
interface.
-
Entries Per MAC Address:—Specifies the neighbor binding limit per
MAC address.
If required, click Add to create a Neighbor Binding policy.
20
431