Table of Contents
Advertisement
IPv6 First Hop Security
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
User Guidelines
Use this command to attach an IPv6 First Hop Security policy to a port.
Each succeeding usage of this command overrides the previous usage of the
command with the same policy.
Each time the command is used, it overrides the previous command within the
same policy.
If a policy specified by the
rejected.
Multiple policies with the vlan keyword can be attached to the same port if they
do not have common VLANs.
The set of rules that is applied to an input packet is built in the following way:
•
The rules, configured in the policy attached to the port on the VLAN on
which the packet arrived are added to the set.
•
The rules, configured in the policy attached to the VLAN are added to the
set if they have not been added.
•
The global rules are added to the set if they have not been added.
Use the no ipv6 first hop security attach-policy command to detach all
user-defined policies attached to the port. The default policy is reattached.
Use the no ipv6 first hop security attach-policy
the specific policy from the port.
Examples
Example 1—In the following example, the IPv6 First Hop Security policy policy1 is
attached to the gi11 port:
switchxxxxxx(config)#
switchxxxxxx(config-if)#
switchxxxxxx(config-if)#
Example 2—In the following example, the IPv6 First Hop Security policy policy1 is
attached to the gi11 port and applied to VLANs 1-10 and 12-20:
switchxxxxxx(config)#
policy-name
argument is not defined, the command is
interface gi11
ipv6 first hop security attach-policy policy1
exit
interface gi11
policy-name
command to detach
29
632
Advertisement
Table of Contents
