Name: Cisco Catalyst 2960-XR
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

SUMMARY STEPS

configure terminal

ipv6 snooping policypolicy-name

{[default ] | [device-role {node | switch}] | [limit address-count value] | [no] | [protocol {dhcp | ndp}

] | [security-level {glean | guard | inspect} ] | [tracking {disable [stale-lifetime [seconds | infinite] |

enable [reachable-lifetime [seconds | infinite] } ] | [trusted-port ] }

end

show ipv6 snooping policy policy-name

DETAILED STEPS

PurposeCommand or Action

Enters the global configuration mode.configure terminal

Example:

Switch# configure terminal

Step 1

Creates a snooping policy and enters IPv6 Snooping Policy Configuration

mode.

ipv6 snooping policypolicy-name

Example:

Switch(config)# ipv6 snooping policy

example_policy

Step 2

Enables data address gleaning, validates messages against various criteria,

specifies the security level for messages.

{[default ] | [device-role {node | switch}] |

[limit address-count value] | [no] | [protocol

Step 3

{dhcp | ndp} ] | [security-level {glean | guard

• (Optional) default—Sets all to default options.

| inspect} ] | [tracking {disable [stale-lifetime

[seconds | infinite] | enable

• (Optional) device-role{node] | switch}—Specifies the role of the

device attached to the port. Default is node.

[reachable-lifetime [seconds | infinite] } ] |

[trusted-port ] }

• (Optional) limit address-count value—Limits the number of

addresses allowed per target.

Example:

Switch(config-ipv6-snooping)# security-level

inspect

• (Optional) no—Negates a command or sets it to defaults.

• (Optional) protocol{dhcp | ndp}—Specifies which protocol should

be redirected to the snooping feature for analysis. The default, is dhcp

and ndp. To change the default, use the no protocol command.

Example:

Switch(config-ipv6-snooping)# trusted-port

• (Optional) security-level{glean|guard|inspect}—Specifies the level

of security enforced by the feature. Default is guard.

glean—Gleans addresses from messages and populates the binding

table without any verification.

guard—Gleans addresses and inspects messages. In addition, it

rejects RA and DHCP server messages. This is the default option.

inspect—Gleans addresses, validates messages for consistency

and conformance, and enforces address ownership.

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1

OL-29434-01 353

Configuring IPv6 First Hop Security

How to Configure an IPv6 Snooping Policy

Other manuals for Cisco Catalyst 2960-XR

Reference52 pages

Configuration Guide196 pages

Configuration Guides120 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2960-XR and is the answer not in the manual?

Cisco Catalyst 2960-XR Specifications

General

Stacking Bandwidth	80 Gbps
Layer Support	Layer 2 and Layer 3
Jumbo Frame Support	9198 bytes
RAM	512 MB
Input Voltage	100-240V AC
Model	Catalyst 2960-XR
Uplink Interfaces	4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces	24 or 48 x Gigabit Ethernet ports
Power Supply	Internal
MAC Address Table Size	16, 000 entries
PoE	Available on PoE models
Weight	4.5 kg
Features	energy efficiency
Stacking	Up to 8 switches
Operating Temperature	0 to 45°C