Profile Overrides - Security Configuration (AP Only)

About this task

To override port channel security configurations:

Procedure

  1. Select the Security tab.

    The port channel security configuration screen displays.

    Click to expand in new window
    Port channel - Security Configuration Screen
    GUID-FBBF51B8-281C-43CB-91C9-A002D7B3BD2B-low.png
  2. Use the IPv4 Inbound Firewall Rules drop-down menu to select the IPv4 specific firewall rules to apply to this profile‘s port channel configuration.

    IPv4 is a connectionless protocol for packet switched networking. IPv4 operates as a best effort delivery method, as it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery (unlike (TCP). IPv4 hosts can use link local addressing to provide local connectivity.

  3. Use the IPv6 Inbound Firewall Rules drop-down menu to select the IPv6 specific firewall rules to apply to this profile‘s port channel configuration.

    IPv6 is the latest revision of the Internet Protocol (IP) designed to replace IPv4. IPV6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons.

  4. If there is no firewall rule that meets the data protection needs of the target port channel configuration, click the Create icon to define a new rule configuration, or click the Edit icon to modify an existing firewall rule configuration.
  5. Refer to the Trust field to define or override the following:

    Trust ARP Responses

    Select to enable ARP trust on this port. ARP packets received on this port are considered trusted, and the information from these packets is used to identify rogue devices within the network. This option is disabled by default.

    Trust DHCP Responses

    Select to enable DHCP trust on this port. If enabled, only DHCP responses are trusted and forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. This option is enabled by default.

    ARP Header Mismatch Validation

    Select to enable a mismatch check for the source MAC in both the ARP and Ethernet header. This option is enabled by default.

    Trust 802.1p COS values

    Select to enable 802.1p COS values on this port. This option is enabled by default.

    Trust IP DSCP

    Select this option to enable IP DSCP values on this port. This option is enabled by default.

  6. Set the following IPv6 Settings:

    Trust ND Requests

    Select to enable the trust of neighbor discovery requests required on an IPv6 network. This setting is disabled by default.

    Trust DHCPv6 Responses

    Select to enable the trust all DHCPv6 responses. DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network. This setting is enabled by default.

    ND Header Mismatch Validation

    Select to enable a mismatch check for the source MAC within the ND header and Link Layer Option. This option is disabled by default.

    RA Guard

    Select this option to enable router advertisements or ICMPv6 redirects from this Ethernet port. This option is disabled by default.

  7. Click OK to save the changes and overrides to the security configuration.

    Click Reset to revert to the last saved configuration.