To configure the port channel's security configuration:
Use the drop-down menus to select the firewall rules to apply to this profile‘s Ethernet port configuration. The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances
Trust ARP Responses | Select this option to enable ARP trust on this port. ARP packets received on this port are considered trusted, and the information from these packets is used to identify rogue devices within the network. This option is disabled by default. |
Trust DHCP Responses | Select this option to enable DHCP trust on this port. If enabled, only DHCP responses are trusted and forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. This option is enabled by default. |
ARP Header Mismatch Validation | Select this option to enable a mismatch check for the source MAC in both the ARP and Ethernet header. This option is enabled by default. |
Trust 802.1p COS values | Select this option to enable 802.1p COS values on this port. This option is enabled by default. |
Trust IP DSCP | Select this option to enable IP DSCP values on this port. This option is enabled by default. |
Trust ND Requests | Select this option to enable neighbor discovery (ND) request trust on this port channel (neighbor discovery requests received on this port are considered trusted). Neighbor discovery allows the discovery of an adjacent device‘s MAC addresses, similar to Address Resolution Protocol (ARP) on Ethernet in IPv4. The default value is disabled. |
Trust DHCPv6 Responses | Select this option to enable DHCPv6 trust. If enabled, only DHCPv6 responses are trusted and forwarded on this port channel, and a DHCPv6 server can be connected only to a trusted port. The default value is enabled. |
ND Header Mismatch Validation | Select this option to enable a mismatch check for the source MAC within the ND header and Link Layer Option. This option is disabled by default. |
RA Guard | Select this option to enable router advertisements or ICMPv6 redirects from this Ethernet port. Router advertisements are periodically sent to hosts or sends in response to solicitation requests. The advertisement includes IPv6 prefixes and other subnet and host information. This option is disabled by default. |