Security: IPv6 First Hop Security
Configuring IPv6 First Hop Security through Web GUI
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
• Device Role—Displays the device role that is explained below.
• Drop Unsecure—Select to enable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select the security level below which messages are not forwarded.
  - No Verification—Disables verification of the security level.
  - User Defined—Specify the security level of the message to be forwarded.
• Validate Source MAC—Select to globally enable checking source MAC address against the link-layer address:
STEP 3 Click Apply to add the settings to the Running Configuration file.
STEP 4 If required, click Add to create an ND Inspection policy.
STEP 5 Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select one of the following to specify the role of the device attached to the port for ND Inspection.
  - Inherited—Role of device is inherited from either the VLAN or system default (client).
  - Host—Role of device is host.
  - Router—Role of device is router.
• Drop Unsecure—Select one of the following options:
  - Inherited—Inherit value from VLAN or system default (disabled).
  - Enable—Enable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy.
  - Disable—Disable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select the security level below which messages are not forwarded.
  - Inherited—Inherit value from VLAN or system default (disabled).
  - No Verification—Disables verification of the security level.
  - User Defined—Specify the security level of the message to be forwarded.
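
The Drop Unsecure, Minimal Security Level and Validate Source MAC settings described above, modeled as one decision function over the options of a Neighbor Discovery message. This is an added example, not Cisco code or the switch's implementation; the function names and sample bytes are hypothetical. It assumes the security level is the RFC 3972 CGA Sec value, that a message lacking either option counts as unsecure, and the order of the checks, and it tests option presence only, not signature validity.

```python
# Added example: a model of the ND Inspection checks, not switch firmware.
OPT_SLLA, OPT_TLLA, OPT_CGA, OPT_RSA = 1, 2, 11, 12  # RFC 4861 / RFC 3971 option types

def parse_nd_options(data: bytes):
    """Split the options area of an ND message into (type, body) pairs."""
    opts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated ND option header")
        otype, units = data[i], data[i + 1]      # length is counted in 8-byte units
        if units == 0 or i + units * 8 > len(data):
            raise ValueError("malformed ND option length")
        opts.append((otype, data[i + 2:i + units * 8]))
        i += units * 8
    return opts

def cga_sec(ipv6_addr: bytes) -> int:
    """RFC 3972: Sec is the three leftmost bits of the interface identifier."""
    return ipv6_addr[8] >> 5

def inspect(src_mac, src_ip, options, drop_unsecure=False,
            min_sec_level=None, validate_source_mac=False):
    """Return 'forward' or a 'drop: ...' reason. Check order is an assumption."""
    opts = parse_nd_options(options)
    if validate_source_mac:
        for otype, body in opts:
            if otype in (OPT_SLLA, OPT_TLLA) and body[:6] != src_mac:
                return "drop: source MAC mismatch"
    present = {otype for otype, _ in opts}
    if not {OPT_CGA, OPT_RSA} <= present:        # treated as unsecure (assumption)
        return "drop: unsecure" if drop_unsecure else "forward"
    # min_sec_level=None models the "No Verification" setting.
    if min_sec_level is not None and cga_sec(src_ip) < min_sec_level:
        return "drop: security level below minimum"
    return "forward"

# Constructed sample input (not a capture): option bodies are zero padding.
MAC = bytes.fromhex("020000000001")
ADDR_SEC1 = bytes.fromhex("fe80000000000000" "2000000000000001")  # Sec = 1
SLLA_OK = bytes([OPT_SLLA, 1]) + MAC
SLLA_MISMATCH = bytes([OPT_SLLA, 1]) + bytes.fromhex("020000000002")
SEND_OPTS = bytes([OPT_CGA, 1]) + bytes(6) + bytes([OPT_RSA, 1]) + bytes(6)

if __name__ == "__main__":
    print(inspect(MAC, ADDR_SEC1, SLLA_OK, drop_unsecure=True))
    print(inspect(MAC, ADDR_SEC1, SLLA_MISMATCH, validate_source_mac=True))
    print(inspect(MAC, ADDR_SEC1, SLLA_OK + SEND_OPTS, min_sec_level=2))
```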