IPv6 First Hop Security
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 718
29
User Guidelines
IPv6 data messages bridged from trusted ports are not validated by IPv6 Source
Guard.
Example
The following example defines a policy that defines a port as trusted:
switchxxxxxx(config)#
ipv6 ipv6 source guard policy
policy1
switchxxxxxx(config-ipv6-srcguard)#
trusted-port
switchxxxxxx(config-ipv6-srcguard)#
exit
29.83 validate source-mac
To enable checking the MAC addresses against the link-layer address within an
IPv6 ND Inspection policy, use the validate source-mac command in ND Inspection
Policy Configuration mode. To return to the default, use the no form of this
command.
Syntax
validate source-mac [enable | disable]
no validate source-mac
Parameters
• enable—Enables validation of the MAC address against the link-layer
address. If no keyword is configured, this keyword is applied by default.
• disable—Disables validation of MAC address against the link-layer address.
Default Configuration
Policy attached to port or port channel: the value configured in the policy attached
to the VLAN.
Policy attached to VLAN: global configuration.
Command Mode
ND inspection Policy Configuration mode
To Next Page
Loading...
