Security: IPV6 First Hop Security
Neighbor Binding Integrity
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 417
20
Neighbor Binding Integrity
Neighbor Binding (NB) Integrity establishes binding of neighbors.
A separate, independent instance of NB Integrity runs on each VLAN on which the
feature is enabled.
Learning Advertised IPv6 Prefixes
NB Integrity learns IPv6 prefixes advertised in RA messages and saves it in the
Neighbor Prefix table. The prefixes are used for verification of assigned global
IPv6 addresses.
By default, this validation is disabled. When it is enabled, addresses are validated
against the prefixes in the Neighbor Binding Settings page.
Static prefixes used for the address validation can be added in the Neighbor
Binding Table page.
Neighbor Binding Table Overflow
When there is no free space to create a new entry, the new entry overrides the
entry with the highest creation time.
Establishing Binding of Neighbors
An IPv6 First Hop Security switch can discover and record binding information by
using the following methods:
• NBI-NDP Method: Learning IPv6 addresses from the snooped Neighbor
Discovery Protocol messages
• NBI-Manual Method: By manual configuration
An IPv6 address is bound to a link layer property of the host's network attachment.
This property, called a "binding anchor" consists of the interface identifier (ifIndex)
through which the host is connected to and the host’s MAC address.
IPv6 First Hop Security switch establishes binding only on perimeterical interfaces
(see IPv6 First Hop Security Perimeter).
Binding information is saved in the Neighbor Binding table.
To Next Page
Loading...
Need help?
General
