• Validation of received Neighbor Discovery protocol messages.
• Egress filtering
Message Validation
ND Inspection validates the Neighbor Discovery protocol messages, based on an
ND Inspection policy attached to the interface. This policy can be defined in the
ND Inspection Settings page.
If a message does not pass the verification defined in the policy, it is dropped and
a rate-limited SYSLOG message is sent.
Egress Filtering
ND Inspection blocks forwarding of Router Solicitation (RS) and Certification Path
Solicitation (CPS) messages on interfaces configured as host interfaces.
DHCPv6 Guard
DHCPv6 Guard processes the trapped DHCPv6 messages. DHCPv6 Guard supports
the following functions:
• Filtering of received DHCPv6 messages.
  DHCPv6 Guard discards DHCPv6 reply messages received on interfaces
  whose role is client. The interface role is configured in the DHCP Guard
  Settings page.
• Validation of received DHCPv6 messages.
  DHCPv6 Guard validates DHCPv6 messages that match the filtering based
  on the DHCPv6 Guard policy attached to the interface.
If a message does not pass verification, it is dropped. If the logging packet drop
configuration on the FHS common component is enabled, a rate-limited SYSLOG
message is sent.
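The role-based filtering and rate-limited logging described above can be modeled in a few lines. This is an added example, not code from the guide or from the switch firmware. It assumes that "reply messages" means the server-to-client message types of RFC 8415, that an empty message is dropped as malformed, and that the role names, port names and log limits are placeholders.

```python
# Added illustration: a model of role-based DHCPv6 filtering, not switch firmware.
import time

# Assumption: "reply messages" = types sent toward clients (RFC 8415).
SERVER_TO_CLIENT = {2: "ADVERTISE", 7: "REPLY", 10: "RECONFIGURE", 13: "RELAY-REPL"}


class RateLimitedLog:
    """Emit at most `burst` messages per `interval` seconds, count the rest."""

    def __init__(self, burst=2, interval=1.0, clock=time.monotonic):
        self.burst, self.interval, self.clock = burst, interval, clock
        self.window_start = clock()
        self.sent_in_window = 0
        self.suppressed = 0
        self.lines = []

    def log(self, text):
        now = self.clock()
        if now - self.window_start >= self.interval:
            self.window_start, self.sent_in_window = now, 0
        if self.sent_in_window < self.burst:
            self.sent_in_window += 1
            self.lines.append(text)
        else:
            self.suppressed += 1


def guard(role, payload, port, log):
    """Return True to forward a trapped DHCPv6 UDP payload, False to drop it."""
    if not payload:  # assumption: an empty message fails validation
        log.log(f"DHCPv6 Guard: empty message dropped on {port}")
        return False
    name = SERVER_TO_CLIENT.get(payload[0])  # msg-type is the first octet
    if role == "client" and name:
        log.log(f"DHCPv6 Guard: {name} dropped on client-role port {port}")
        return False
    return True


# Constructed samples: msg-type octet followed by a 3-octet transaction ID.
SOLICIT = bytes([1, 0xAA, 0xBB, 0xCC])
ADVERTISE = bytes([2, 0xAA, 0xBB, 0xCC])
REPLY = bytes([7, 0xAA, 0xBB, 0xCC])

if __name__ == "__main__":
    log = RateLimitedLog()
    for port, role, msg in [("gi1", "client", SOLICIT), ("gi1", "client", REPLY),
                            ("gi24", "server", REPLY), ("gi1", "client", ADVERTISE)]:
        print(port, role, msg[0], "forward" if guard(role, msg, port, log) else "drop")
```

A REPLY arriving on a client-role port is dropped while the same message on the server-facing port is forwarded, and a burst of drops produces only a bounded number of log lines.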
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Security: IPV6 First Hop Security
DHCPv6 Guard