Question regarding SLAAC
Phileeeeeeep651
Member Posts: 179 ■■■□□□□□□□
in CCNA & CCENT
I was just finishing up the last couple chapters in my ICND1 studies and I was reading about IPv6 and SLAAC, which sounds great but after reading about the process all I could think about was how much of a security issue this could be.
I did a google search and couldn't find anything very recent but I did stumble upon Cisco's RA Guard, which from my understanding would prevent rouge routers from advertising themselves as a default router to the LAN. But from a LAN perspective, besides physical measures, port security, etc. , what would stop a host from accessing an open port on a switch and gaining an IP address?
I'm probably in over my head on the topic as far as my study levels go but I thought it was a curious issue.
I did a google search and couldn't find anything very recent but I did stumble upon Cisco's RA Guard, which from my understanding would prevent rouge routers from advertising themselves as a default router to the LAN. But from a LAN perspective, besides physical measures, port security, etc. , what would stop a host from accessing an open port on a switch and gaining an IP address?
I'm probably in over my head on the topic as far as my study levels go but I thought it was a curious issue.
Working on: CCNP Switch
Comments
-
Phileeeeeeep651
Member Posts: 179 ■■■□□□□□□□
Nevermind, I found IPv6 snooping which I believe would solve the dilemma.
Here's the link if anyone else was curious...
IPv6 First-Hop Security Configuration Guide, Cisco IOS Release 15S - IPv6 Snooping [Support] - CiscoWorking on: CCNP Switch