Neighbor Binding Settings

The Neighbor Binding table is a database table of IPv6 neighbors connected to a device. It is created from information sources, such as Neighbor Discovery Protocol (NDP) snooping. This database, or binding, table is used by various IPv6 guard features to prevent spoofing and redirect attacks.

Use the Neighbor Binding Settings page to enable the Neighbor Binding feature on a specified group of VLANs and to set the global configuration values for this feature. If required, a policy can be added or the system-defined default Neighbor Binding policies can be configured on this page.

To configure Neighbor Binding:

Procedure


Step 1

Click Security > IPv6 First Hop Security > Neighbor Binding Settings.

Step 2

Enter the following global configuration fields:

Neighbor Binding VLAN List

Enter one or more VLANs on which Neighbor Binding is enabled.

Device Role

Displays the device global default role (Perimeter).

Neighbor Binding Lifetime

Enter the length of time that addresses remain in the Neighbor Bindings table.

Neighbor Binding Logging

Select to enable logging of Neighbor Binding table main events.

Address Prefix Validation

Select to enable IPv6 Source Guard validation of addresses.

Global Address Binding Configuration

Binding from NDP Messages

To change the global configuration of allowed configuration methods of global IPv6 addresses within an IPv6 Neighbor Binding policy, select one of the following options:

  • Any—Any configuration methods (stateless and manual) are allowed for global IPv6 addresses bound from NDP messages.

  • Stateless—Only stateless auto configuration is allowed for global IPv6 addresses bound from NDP messages.

  • Disable—Binding from NDP messages is disabled.

Binding from DHCPv6 Messages

Binding from DHCPv6 is allowed.

Neighbor Binding Entry Limits

Entries per VLAN

Select No Limit to set no limit on the number of entries, or User Defined to set a specific value.

Entries per Interface

Select No Limit to set no limit on the number of entries, or User Defined to set a specific value.

Entries per MAC Address

Select No Limit to set no limit on the number of entries, or User Defined to set a specific value.

Step 3

Click Apply to add the settings to the Running Configuration file.

Step 4

If required, click Add to create a Neighbor Binding policy.

Step 5

Enter the following fields:

Policy Name

Enter a user-defined policy name.

Device Role

Select one of the following options to specify the role of the device attached to the port for the Neighbor Binding policy.

  • Inherited—Role of device is inherited from either the VLAN or system default (client).

  • Perimeter—Port is connected to devices not supporting IPv6 First Hop Security.

  • Internal—Port is connected to devices supporting IPv6 First Hop Security.

Neighbor Binding Logging

Select one of the following options to specify logging:

  • Inherited—Logging option is the same as the global value.

  • Enable—Enable logging of Binding table main events.

  • Disable—Disable logging of Binding table main events.

Address Prefix Validation

Select one of the following options to specify validation of addresses:

  • Inherited—Validation option is the same as the global value.

  • Enable—Enable validation of addresses.

  • Disable—Disable validation of addresses.

Global Address Binding Configuration

Inherit Address Binding Settings

Enable to use the global address binding settings.

Binding from NDP Messages

To change the global configuration of allowed configuration methods of global IPv6 addresses within an IPv6 Neighbor Binding policy, select one of the following options:

  • Any—Any configuration methods (stateless and manual) are allowed for global IPv6 addresses bound from NDP messages.

  • Stateless—Only stateless auto configuration is allowed for global IPv6 addresses bound from NDP messages.

  • Disable—Binding from NDP messages is disabled.

Binding from DHCPv6 Messages

Select to enable binding from DHCPv6.

Neighbor Binding Entry Limits

Entries per VLAN

Select Inherited to use global value, No Limit to set no limit on the number of entries and User Defined to set a special value for this policy.

Entries per Interface

Select Inherited to use global value, No Limit to set no limit on the number of entries and User Defined to set a special value for this policy.

Entries per MAC Address

Select Inherited to use global value, No Limit to set no limit on the number of entries and User Defined to set a special value for this policy.

Step 6

Click Apply to add the settings to the Running Configuration file.

Step 7

To attach this policy to a VLAN or an interface, click one of the following:

Attach Policy to VLAN

Click to jump to Policy Attachment (VLAN) page where you can attach this policy to a VLAN.

Attach Policy to Interface

Click to jump to Policy Attachment (Port) page where you can attach this policy to a port.
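
The following is an added illustration, not Cisco code and not the device's implementation: a small Python model of how the settings above interact, resolving a policy's Inherited fields to the global values and then enforcing the lifetime and the per-VLAN, per-interface and per-MAC entry limits. All names, the sample values, the order in which limits are checked, and the handling of an address already bound to another MAC or port are assumptions made for the example.

```python
import ipaddress
from collections import Counter

INHERITED, NO_LIMIT = "inherited", None   # modelling constants, not device keywords

# Constructed sample values: global settings (Step 2) and one policy (Step 5).
GLOBAL = {"lifetime_s": 300, "per_vlan": NO_LIMIT, "per_interface": 8, "per_mac": 2}
ACCESS_POLICY = {"per_vlan": INHERITED, "per_interface": 3, "per_mac": INHERITED}


def effective(policy, global_cfg=GLOBAL):
    """Resolve Inherited (or unset) policy fields to the global value."""
    return {k: (v if policy.get(k, INHERITED) == INHERITED else policy[k])
            for k, v in global_cfg.items()}


class BindingTable:
    """Toy model of a neighbor binding table with lifetime and entry limits."""

    def __init__(self, cfg):
        self.cfg, self.entries = cfg, {}   # (vlan, ipv6) -> (mac, port, expiry)

    def _expire(self, now):
        self.entries = {k: e for k, e in self.entries.items() if e[2] > now}

    def learn(self, vlan, addr, mac, port, now):
        """Try to bind addr; return 'bound', 'refreshed', 'conflict' or the limit hit."""
        self._expire(now)
        key = (vlan, ipaddress.IPv6Address(addr))   # normalises address spelling
        expiry = now + self.cfg["lifetime_s"]
        if key in self.entries:
            old_mac, old_port, _ = self.entries[key]
            if (old_mac, old_port) != (mac, port):
                return "conflict"      # assumption: existing binding wins
            self.entries[key] = (mac, port, expiry)
            return "refreshed"
        counts = Counter()
        for (v, _), (m, p, _) in self.entries.items():
            counts["per_vlan", v] += 1
            counts["per_interface", p] += 1
            counts["per_mac", m] += 1
        for name, who in (("per_mac", mac), ("per_interface", port), ("per_vlan", vlan)):
            limit = self.cfg[name]
            if limit is not NO_LIMIT and counts[name, who] >= limit:
                return f"rejected:{name}"
        self.entries[key] = (mac, port, expiry)
        return "bound"
```

With Neighbor Binding Logging enabled, the rejected and conflict outcomes in this model correspond to the kind of binding table events worth reviewing when tuning the limits.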