DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode. Enter your password if prompted.enable
Step 1
Example:
Switch> enable
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 2
Specifies the IPv6 Source Guard policy name and enters IPv6
Source Guard policy configuration mode.
[no] ipv6 source-guard policy policy_name
Example:
Switch(config)# ipv6 source-guard policy
example_policy
Step 3
(Optional) Defines the IPv6 Source Guard policy.[deny global-autoconf] [permit link-local]
[default{. . . }] [exit] [no{. . . }]
Step 4
• deny global-autoconf—Denies data traffic from
auto-configured global addresses. This is useful when all
Example:
Switch(config-sisf-sourceguard)# deny
global-autoconf
global addresses on a link are DHCP-assigned and the
administrator wants to block hosts with self-configured
addresses to send traffic.
• permit link-local—Allows all data traffic that is sourced by
a link-local address.
Trusted option under source guard policy is not
supported.
Note
Exits out of IPv6 Source Guard policy configuration mode.end
Example:
Switch(config-sisf-sourceguard)# end
Step 5
Shows the policy configuration and all the interfaces where the
policy is applied.
show ipv6 source-guard policy policy_name
Example:
Switch# show ipv6 source-guard policy
example_policy
Step 6
What to Do Next
Apply the IPv6 Source Guard policy to an interface.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29048-01 465
Configuring IPv6 First Hop Security
How to Configure IPv6 Source Guard