PurposeCommand or Action
Specifies the role of the device attached to the
port. The default is host.
device-role {host | monitor | router | switch}
Example:
Switch(config-nd-inspection)# device-role switch
Step 3
Drops messages with no or invalid options or an
invalid signature.
drop-unsecure
Example:
Switch(config-nd-inspection)# drop-unsecure
Step 4
Enter 1–10,000.
limit address-count value
Example:
Switch(config-nd-inspection)# limit address-count 1000
Step 5
Specifies the minimum security level parameter
value when Cryptographically Generated Address
(CGA) options are used.
sec-level minimum value
Example:
Switch(config-nd-inspection)# limit address-count 1000
Step 6
Overrides the default tracking policy on a port.
tracking {enable [reachable-lifetime {value | infinite}] | disable
[stale-lifetime {value | infinite}]}
Step 7
Example:
Switch(config-nd-inspection)# tracking disable
stale-lifetime infinite
Configures a port to become a trusted port.trusted-port
Example:
Switch(config-nd-inspection)# trusted-port
Step 8
validate source-mac
Step 9
Example:
Switch(config-nd-inspection)# validate source-mac
Remove the current configuration of a parameter
with the no form of the command.
no {device-role | drop-unsecure | limit address-count | sec-level
minimum | tracking | trusted-port | validate source-mac}
Example:
Switch(config-nd-inspection)# no validate source-mac
Step 10
Restores configuration to the default values.default {device-role | drop-unsecure | limit address-count |
sec-level minimum | tracking | trusted-port | validate
source-mac}
Step 11
Example:
Switch(config-nd-inspection)# default limit
address-count
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01 359
Configuring IPv6 First Hop Security
How to Configure an IPv6 Neighbor Discovery Inspection Policy
To Next Page
Loading...
