25
521
ipv6 nd inspection policy port_default
exit
These policies cannot be removed, but they can be changed. The no ipv6 nd
inspection policy does not remove these policies, it only removes the policy
configuration defined by the user.
The default policies cannot be attached by the
(port mode)
or
ipv6 nd inspection attach-policy (VLAN mode)
vlan_default policy is attached by default to a VLAN, if no other policy is attached
to the VLAN. The port_default policy is attached by default to a port, if no other
policy is attached to the port.
You can define a policy using the ipv6 nd inspection policy command multiple
times.
If an attached policy is removed it is detached automatically before removing.
Examples
Example 1. The following example defines a ND Inspection policy named policy1,
places the switch in ND Inspection Policy Configuration mode, and configures the
port to drop unsecured messages and sets the device role as router:
switchxxxxxx(config)#
switchxxxxxx(config-nd-inspection)#
switchxxxxxx(config-nd-inspection)#
switchxxxxxx(config-nd-inspection)# exit
Example 2. The following example defines an ND Inspection policy as policy1 by a
few steps:
switchxxxxxx(config)#
switchxxxxxx(config-nd-inspection)#
switchxxxxxx(config-nd-inspection)#
switchxxxxxx(config)#
switchxxxxxx(config-nd-inspection)#
ipv6 nd inspection policy policy1
drop-unsecure
device-role router
ipv6 nd inspection policy policy1
drop-unsecure
exit
ipv6 nd inspection policy policy1
device-role router
OL-32830-01 Command Line Interface Reference Guide
IPv6 First Hop Security
ipv6 nd inspection attach-policy
command. The