Security: IPV6 First Hop Security
Default Settings and Configuration
424 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
20
STEP 3 If required, either configure a user-defined policy or add rules to the default
policies for the feature.
STEP 4 Attach the policy to a VLAN, port or LAG using either the Policy Attachment
(VLAN) or Policy Attachment (Port) pages.
Neighbor Binding Work Flow
STEP 1 In the Neighbor Bindings Settings page, enter the list of VLANs on which this
feature is enabled.
STEP 2 In this same page, set the global configuration values that are used if no values are
set in a policy.
STEP 3 If required, either configure a user-defined policy or add rules the default policies
for the feature.
STEP 4 Add any manual entries required in the Neighbor Binding Table page
STEP 5 Attach the policy to a VLAN, port or LAG using either the Policy Attachment
(VLAN) or Policy Attachment (Port) pages.
Default Settings and Configuration
If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following
messages by default:
• Router Advertisement (RA) messages
• Router Solicitation (RS) messages
• Neighbor Advertisement (NA) messages
• Neighbor Solicitation (NS) messages
• ICMPv6 Redirect messages
• Certification Path Advertisement (CPA) messages
• Certification Path Solicitation (CPS) message
• DHCPv6 messages
The FHS features are disabled by default.
