Cisco Cisco SG500-52PP 52-port Gigabit Max PoE+ Stackable Managed Switch 技术参考

IPv6 First Hop Security

OL-31486-02 Command Line Interface Reference Guide

605

29

•

•

•

Each policy of the same type (for example, DHCPv6 Guard policies) must have a 
unique name. Policies of different types can have the same policy name.

The switch supports two predefined, default DHCPv6 Guard policies named: 
"vlan_default" and "port_default":

      ipv6 dhcp guard policy vlan_default

      exit

      ipv6 dhcp guard policy port_default

      exit

The default policies are empty and cannot be removed, but can be changed. The 
no ipv6 dhcp guard policy does not remove the default policies, it only removes 
the policy configuration defined by the user.

The default policies cannot be attached by the 

 or 

 command. The 

vlan_default policy is attached by default to a VLAN, if no other policy is attached 
to the VLAN. The port_default policy is attached by default to a port, if no other 
policy is attached to the port.

You can define a policy using the ipv6 dhcp guard policy command multiple times.

Before an attached policy is removed, a request for confirmation is presented to 
the user, as shown in Example 3 below.

Example 1—The following example defines a DHCPv6 Guard policy named 
policy1, places the router in DHCPv6 Guard Policy Configuration mode, configures 
the port to drop unsecure messages and sets the device role as router:

switchxxxxxx(config)# 

ipv6 dhcp guard policy policy1

switchxxxxxx(config-dhcp-guard)# 

switchxxxxxx(config-dhcp-guard)# 

switchxxxxxx(config-dhcp-guard)# exit