25
IPv6 First Hop Security
25.26 ipv6 nd inspection drop-unsecure
To globally enable dropping messages with no CGA and RSA Signature options,
use the ipv6 nd inspection drop-unsecure command in Global Configuration
mode. To disable this function, use the no form of this command.
Syntax
ipv6 nd inspection drop-unsecure
no ipv6 nd inspection drop-unsecure
Parameters
N/A
Default Configuration
All messages are bridged.
Command Mode
Global Configuration mode
User Guidelines
This command drops NDP messages if they do not contain CGA and RSA
Signature options.
If this command is not configured, then the sec-level minimum command does not
have an effect.
If this command is configured, then only the sec-level minimum command has an
effect and all other configured ND Inspection policy commands are ignored.
Example
The following example enables the switch to drop messages with no or invalid
options or an invalid signature:
switchxxxxxx(config)#
ipv6 nd inspection drop-unsecure
519
OL-32830-01 Command Line Interface Reference Guide