User's Manual
Security: IPV6 First Hop Security
DHCPv6 Guard
416 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
20
• Validation of received Neighbor Discovery protocol messages.
• Egress filtering
Message Validation
ND Inspection validates the Neighbor Discovery protocol messages, based on an 
ND Inspection policy attached to the interface. This policy can be defined in the 
ND Inspection Settings page.
If a message does not pass the verification defined in the policy, it is dropped and 
a rate limited SYSLOG message is sent.
Egress Filtering
ND Inspection blocks forwarding of RS and CPS messages on interfaces 
configured as host interfaces.
DHCPv6 Guard
DHCPv6 Guard treats the trapped DHCPv6 messages. DHCPv6 Guard supports 
the following functions:
• Filtering of received DHCPv6 messages.
DHCP Guard discards DHCPv6 reply messages received on interfaces 
whose role is client. The interface role is configured in the DHCP Guard 
Settings page.
• Validation of received DHCPv6 messages.
DHCPv6 Guard validates DHCPv6 messages that match the filtering based 
on the DHCPv6 Guard policy attached to the interface. 
If a message does not pass verification, it is dropped. If the logging packet drop 
configuration on the FHS common component is enabled, a rate limited SYSLOG 
message is sent.










