Security: IPv6 First Hop Security
Common Tasks
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
Policies do not take effect until:
• The feature in the policy is enabled on the VLAN containing the interface.
• The policy is attached to the interface (VLAN, port or LAG).
When you attach a policy, the default policy for that interface is detached. When you remove
the policy from the interface, the default policy is reattached.
You can attach only one policy (for a specific feature) to a VLAN.
You can attach multiple policies (for a specific feature) to an interface if they specify different
VLANs.
Levels of Verification Rules
The final set of rules that is applied to an input packet on an interface is built in the following way:
• The rules configured in policies attached to the interface (port or LAG) on which the packet arrived are added to the set.
• The rules configured in the policy attached to the VLAN are added to the set if they have not been added at the port level.
• The global rules are added to the set if they have not been added at the VLAN or port level.
Rules defined at the port level override the rules set at the VLAN level. Rules defined at the
VLAN level override the globally-configured rules. The globally-configured rules override
system defaults.
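The precedence described above can be modeled as a small resolver that reports, for each rule, which level supplied the value applied to a packet. This is an added illustration, not Cisco code or switch configuration; the rule names, policy names and values are constructed, and treating a port policy with no VLAN list as matching every VLAN is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample rules for one feature; names and values are illustrative.
SYSTEM_DEFAULTS = {"device_role": "host", "hop_limit_min": 0, "log_drops": False}

@dataclass
class Policy:
    name: str
    rules: dict                         # only the rules this policy sets explicitly
    vlans: Optional[frozenset] = None   # port attachment scope (assumption: None = any VLAN)

def check_port_attachments(policies):
    """Several policies on one port are allowed only if they specify different VLANs."""
    seen = set()
    for p in policies:
        if (p.vlans is None and len(policies) > 1) or (p.vlans and seen & p.vlans):
            raise ValueError(f"{p.name}: port policies must specify different VLANs")
        seen |= p.vlans or set()

def effective_rules(vlan, port_policies, vlan_policy, global_rules):
    """Return {rule: (value, level)} for a packet arriving on the port in `vlan`."""
    check_port_attachments(port_policies)
    levels = [
        ("port", [p.rules for p in port_policies
                  if p.vlans is None or vlan in p.vlans]),
        ("vlan", [vlan_policy.rules] if vlan_policy else []),
        ("global", [global_rules]),
        ("system default", [SYSTEM_DEFAULTS]),
    ]
    result = {}
    for level, rule_sets in levels:
        for rules in rule_sets:
            for rule, value in rules.items():
                # A rule already set at a more specific level is not replaced.
                result.setdefault(rule, (value, level))
    return result

# Constructed example: one port policy scoped to VLAN 10, one VLAN 10 policy.
PORT_POLICIES = [Policy("uplink-v10", {"device_role": "router"}, frozenset({10}))]
VLAN10_POLICY = Policy("vlan10", {"device_role": "host", "hop_limit_min": 64})
GLOBAL_RULES = {"hop_limit_min": 1, "log_drops": True}

if __name__ == "__main__":
    for vlan, vpol in ((10, VLAN10_POLICY), (20, None)):
        print(vlan, effective_rules(vlan, PORT_POLICIES, vpol, GLOBAL_RULES))
```

When auditing a configuration, the level reported for each rule shows whether a permissive setting comes from a port policy that silently overrides a stricter VLAN or global rule.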
IPv6 First Hop Security Common Work Flow
STEP 1 In the FHS Settings page, enter the list of VLANs on which this feature is enabled.
STEP 2 In this same page, set the Global Packet Drop Logging feature.
STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.