Security: IPv6 First Hop Security
IPv6 First Hop Security Overview
441 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
26
IPv6 First Hop Security Overview
IPv6 FHS is a suite of features designed to secure link operations in an IPv6-enabled network.
It is based on the Neighbor Discovery Protocol and DHCPv6 messages.
In this feature, a Layer 2 switch (as shown in Figure 1) filters Neighbor Discovery Protocol
messages, DHCPv6 messages and user data messages according to a number of different rules.
Figure 1 IPv6 First Hop Security Configuration
A separate and independent instance of IPv6 First Hop Security runs on each VLAN on which
the feature is enabled.
Abbreviations
IPv6 Host
(End Node)
Monitor
First Hop Switch IPv6 Router
370572
Name Description
CPA message Certification Path Advertisement message
CPS message Certification Path Solicitation message
DAD-NS message Duplicate Address Detection Neighbor Solicitation
message
FCFS-SAVI First Come First Served - Source Address Validation
Improvement
To Next Page
Loading...
Need help?
General
