IPv6 First Hop Security
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 638
29
Command Mode
Interface (VLAN) Configuration mode
User Guidelines
Use the command to enable ND Inspection on a VLAN.
IPv6 ND Inspection validates the Neighbor Discovery Protocol (NDP) messages
using the ND Inspection policies and global ND Inspection configuration.
ND Inspection bridges NDP messages to all ports excluding the source port within
the VLAN with the following exception: RS and CPS messages are not bridged to
ports configured as host (see the device-role command).
ND inspection is performed after RA Guard.
Examples
Example 1—The following example enables ND Inspection on VLAN 100:
switchxxxxxx(config)#
interface vlan
100
switchxxxxxx(config-if)#
ipv6 nd inspection
switchxxxxxx(config-if)#
exit
Example 2—The following example enables ND Inspection on VLANs 100-107:
switchxxxxxx(config)#
interface range vlan
100-107
switchxxxxxx(config-if-range)#
ipv6 nd inspection
switchxxxxxx(config-if-range)#
exit
29.24 ipv6 nd inspection attach-policy (port
mode)
To attach an ND Inspection policy to a specific port, use the ipv6 nd inspection
attach-policy command in Interface Configuration mode. To return to the default,
use the no form of this command.
To Next Page
Loading...
