Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
STEP 5
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
•
Device Role—Select either Server or Client to specify the role of the device
attached to the port for DHCPv6 Guard.
-
Inherited—Role of device is inherited from either the VLAN or system
default (client).
-
Client—Role of device is client.
-
Host—Role of device is host.
•
Match Reply Prefixes—Select to enable verification of the advertised
prefixes in received DHCP reply messages within a DHCPv6 Guard policy.
-
Inherited—Value is inherited from either the VLAN or system default (no
verification).
-
No Verification—Advertised prefixes are not verified.
-
Match List— IPv6 prefix list to be matched.
•
Match Server Address—Select to enable verification of the DHCP server's
and relay's IPv6 address in received DHCP reply messages within a DHCPv6
Guard policy.
-
Inherited—Value is inherited from either the VLAN or system default (no
verification).
-
No Verification—Disables verification of the DHCP server's and relay's
IPv6 address.
-
Match List— IPv6 prefix list to be matched.
•
Minimal Preference—See above.
•
Maximal Preference—See above.
If required, click either Attach Policy to VLAN or Attach Policy to Interface.
Neighbor Discovery Inspection Settings
Use the ND Inspection Settings page to enable the ND Inspection feature on a
specified group of VLANs and to set the global configuration values for this
feature. If required, a policy can be added or the system-defined default ND
Inspection policies can be configured in this page.
20
429