Related Topics
Information about First Hop Security in IPv6, on page 678
How to Configure IPv6 Source Guard
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
[no] ipv6 source-guard policy policy_name
4.
[deny global-autoconf] [permit link-local] [default{. . . }] [exit] [no{. . . }]
5.
end
6.
show ipv6 source-guard policy policy_name
DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode. Enter your password if prompted.enable
Step 1
Example:
Switch> enable
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 2
Specifies the IPv6 Source Guard policy name and enters IPv6
Source Guard policy configuration mode.
[no] ipv6 source-guard policy policy_name
Example:
Switch(config)# ipv6 source-guard policy
example_policy
Step 3
(Optional) Defines the IPv6 Source Guard policy.[deny global-autoconf] [permit link-local]
[default{. . . }] [exit] [no{. . . }]
Step 4
• deny global-autoconf—Denies data traffic from
auto-configured global addresses. This is useful when all
Example:
Switch(config-sisf-sourceguard)# deny
global-autoconf
global addresses on a link are DHCP-assigned and the
administrator wants to block hosts with self-configured
addresses to send traffic.
• permit link-local—Allows all data traffic that is sourced by
a link-local address.
Trusted option under source guard policy is not
supported.
Note
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
705
How to Configure IPv6 Source Guard
To Next Page
Loading...
Need help?
General
