Port Channel Security

To define a port channel's security configuration:

  1. Select the Security tab.

  2. Refer to the Access Control section. As part of the port channel's security configuration, Inbound IP and MAC address firewall rules are required.

    Use the Inbound IP Firewall Rules and MAC Inbound Firewall Rules drop-down menus to select firewall rules to apply to this profile's port channel configuration.

    The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances.

    If a firewall rule does not exist suiting the data protection needs of the target port channel configuration, select the Create icon to define a new rule configuration or the Edit icon to modify an existing firewall rule configuration. For more information, see Wireless Firewall.

  3. Refer to the Trust field to define the following:

    Trust ARP Responses

    Select the check box to enable ARP trust on this port channel. ARP packets received on this port are considered trusted and information from these packets is used to identify rogue devices within the network. The default value is disabled.

    Trust DHCP Responses

    Select the check box to enable DHCP trust. If enabled, only DHCP responses are trusted and forwarded on this port channel, and a DHCP server can be connected only to a DHCP trusted port. The default value is enabled.

    ARP header Mismatch Validation

    Select the check box to enable a mismatch check for the source MAC in both the ARP and Ethernet header. The default value is enabled.

    Trust 802.1p COS values

    Select the check box to enable trust of 802.1p COS values on this port channel. The default value is enabled.

    Trust IP DSCP

    Select the check box to enable trust of IP DSCP values on this port channel. The default value is enabled.

  4. Set the following IPv6 Settings:

    Trust ND Requests

    Select to enable the trust of neighbor discovery requests required on an IPv6 network. This setting is disabled by default.

    Trust DHCPv6 Responses

    Select to enable the trust of all DHCPv6 responses. DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network. This setting is enabled by default.

    ND Header Mismatch Validation

    Select to enable a mismatch check for the source MAC within the ND header and Link Layer Option. This option is disabled by default.

    RA Guard

    Select this option to enable router advertisements or ICMPv6 redirects from this Ethernet port. This option is disabled by default.

  5. Select OK to save the changes to the security configuration. Select Reset to revert to the last saved configuration.
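
The check that the ARP header Mismatch Validation setting in step 3 describes, comparing the source MAC in the Ethernet header with the sender hardware address in the ARP header, can be illustrated with the following added example. It is not the product's own code; the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def arp_header_mismatch(frame: bytes):
    """Return (mismatch, eth_src, arp_sender_mac) for an Ethernet/ARP frame,
    or None if the frame is not a well-formed IPv4-over-Ethernet ARP packet."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:  # skip a single VLAN tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETHERTYPE_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    arp_sha = frame[offset + 8:offset + 14]  # sender hardware address
    return (eth_src != arp_sha, mac_str(eth_src), mac_str(arp_sha))


def build_arp_reply(eth_src, arp_sha, spa, tha, tpa) -> bytes:
    """Build a sample ARP reply frame (helper for the constructed inputs)."""
    eth = tha + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + arp_sha + spa + tha + tpa
    return eth + arp


# Constructed sample data: locally administered MACs, documentation IPs.
HOST = bytes.fromhex("020000000001")
OTHER = bytes.fromhex("020000000099")
TARGET = bytes.fromhex("020000000002")
GW_IP, TARGET_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])
CONSISTENT = build_arp_reply(HOST, HOST, GW_IP, TARGET, TARGET_IP)
MISMATCHED = build_arp_reply(HOST, OTHER, GW_IP, TARGET, TARGET_IP)

if __name__ == "__main__":
    for name, frame in (("consistent", CONSISTENT), ("mismatched", MISMATCHED)):
        print(name, arp_header_mismatch(frame))
```

A frame whose two source MAC fields disagree is what this validation flags; a frame that is truncated or not ARP returns None and is outside the check.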