Security: IPv6 First Hop Security
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
An embedded mechanism in the NDP implementation limits the number of entries allowed in 
the INCOMPLETE state in the Neighbor Discovery cache. This provides protection against 
the table being flooded by hackers.
Policies, Global Parameters and System Defaults
Each feature of FHS can be enabled or disabled individually. No feature is enabled by default.
Features must initially be enabled on specific VLANs. When you enable the feature, you can
also define global configuration values for that feature's rules of verification. If you do not
define a policy that contains different values for these verification rules, the global values are
used to apply the feature to packets.
Policies
Policies contain the rules of verification that are performed on input packets. They can be 
attached to VLANs and also to ports and LAGs. If the feature is not enabled on a VLAN, the 
policies have no effect.
Policies can be user-defined or default policies (see below).
Default Policies
Empty default policies exist for each FHS feature and are by default attached to all VLANs and
interfaces. For each feature, the default policies are named "vlan_default" and "port_default":
• Rules can be added to these default policies. You cannot manually attach default 
policies to interfaces. They are attached by default.
• Default policies can never be deleted. You can only delete the user-added 
configuration. 
User-Defined Policies
You can define policies other than the default policies. 
When a user-defined policy is attached to an interface, the default policy for that interface is
detached. If the user-defined policy is detached from the interface, the default policy is
reattached.
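
The following is an added example, not Cisco code and not part of the original guide. It models the rules above for one feature: global values as the fallback, default policies that are always present, user-defined policies that replace the default while attached, and an audit for policies attached to VLANs where the feature is not enabled. The class, method and rule names (Feature, min_hop_limit, log_drops, strict) are hypothetical.

```python
from dataclasses import dataclass, field

DEFAULTS = {"vlan": "vlan_default", "port": "port_default"}  # names from the text

@dataclass
class Feature:
    """One FHS feature: global values, per-VLAN enablement, policies."""
    global_rules: dict
    enabled_vlans: set = field(default_factory=set)  # no feature is on by default
    policies: dict = field(default_factory=dict)     # policy name -> rule values
    attached: dict = field(default_factory=dict)     # (kind, id) -> user policy

    def __post_init__(self):
        for name in DEFAULTS.values():               # empty defaults always exist
            self.policies.setdefault(name, {})

    def attach(self, kind, ident, policy):
        if policy in DEFAULTS.values():
            raise ValueError("default policies cannot be attached manually")
        if policy not in self.policies:
            raise KeyError(policy)
        self.attached[(kind, ident)] = policy        # default policy is detached

    def detach(self, kind, ident):
        self.attached.pop((kind, ident), None)       # default policy is reattached

    def policy_on(self, kind, ident):
        return self.attached.get((kind, ident), DEFAULTS[kind])

    def vlan_rules(self, vlan):
        """Effective values on a VLAN; None if the feature is not enabled there."""
        if vlan not in self.enabled_vlans:
            return None
        return {**self.global_rules, **self.policies[self.policy_on("vlan", vlan)]}

    def ineffective(self):
        """User-defined VLAN policies attached where the feature is disabled."""
        return sorted((i, p) for (k, i), p in self.attached.items()
                      if k == "vlan" and i not in self.enabled_vlans)

def demo():
    # Constructed sample: rule names and values are hypothetical.
    f = Feature(global_rules={"min_hop_limit": 1, "log_drops": False})
    f.policies["strict"] = {"min_hop_limit": 64}
    f.enabled_vlans.add(10)
    f.attach("vlan", 10, "strict")
    f.attach("vlan", 20, "strict")                   # VLAN 20 never enabled
    return f.vlan_rules(10), f.vlan_rules(20), f.ineffective()

if __name__ == "__main__":
    print(demo())
```

The ineffective() check surfaces the configuration gap the text warns about: a policy that is attached but does nothing because the feature was never enabled on that VLAN.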