User's Manual
Security: IPV6 First Hop Security
Configuring First Hop Security through Web GUI
430 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
20
To configure ND Inspection on ports or LAGs: 
STEP 1 Click Security > First Hop Security > ND Inspection Settings. 
STEP  2 Enter the following global configuration fields:
• ND Inspection VLAN List—Enter one or more VLANs on which ND 
Inspection is enabled.
• Drop Unsecure—Select to enable dropping messages with no CGA or 
RSA Signature option within an IPv6 ND Inspection policy.
• Minimal Security Level—If unsecure messages are not dropped, select 
the security level below which messages are not forwarded.
- No Verification—Disables verification of the security level.
- User Defined—Specify the security level of the message to be 
forwarded.
STEP  3 If required, click Add to create an ND Inspection policy.
STEP  4 Enter the following fields:
• Policy Name—Enter a user-defined policy name.
• Device Role—Select either Server or Client to specify the role of the device 
attached to the port for ND Inspection.
- Inherited—Role of device is inherited from either the VLAN or system 
default (client).
- Client—Role of device is client.
- Host—Role of device is host.
• Drop Unsecure—See above.
• Minimal Security Level—See above.
• Validate Source MAC—Specify whether to globally enable checking 
source MAC address against the link-layer address:
- Inherited—Inherit value from VLAN or system default (disabled).
- Enable—Enable checking source MAC address against the link-layer 
address.
- Disable—Disable checking source MAC address against the link-layer 
address.










