Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
Cisco 500 Series Stackable Managed Switch Administration Guide 534
23
• Device Role—Displays the device role that is explained below.
• Drop Unsecure—Select to enable dropping messages with no CGA or
RSA Signature option within an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select
the security level below which messages are not forwarded.
- No Verification—Disables verification of the security level.
- User Defined—Specify the security level of the message to be
forwarded.
• Validate Source MAC—Specify whether to globally enable checking
source MAC address against the link-layer address:
- Inherited—Inherit value from VLAN or system default (disabled).
- Enable—Enable checking source MAC address against the link-layer
address.
- Disable—Disable checking source MAC address against the link-layer
address.
STEP 3 If required, click Add to create an ND Inspection policy.
STEP 4 Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select either Server or Client to specify the role of the device
attached to the port for ND Inspection.
- Inherited—Role of device is inherited from either the VLAN or system
default (client).
- Host—Role of device is host.
- Router—Role of device is router.
• Drop Unsecure—See above.
• Minimal Security Level—See above.
• Validate Source MAC—See above.
STEP 5 Click Apply to add the settings to the Running Configuration file.
To Next Page
Loading...
