Drag and Drop the IPv6 First-Hop Security features from the left onto the definitions on the right.

Drag and Drop the IPv6 First-Hop Security features from the left onto the definitions on the right.

View Answer

Answer:

Explanation

The DHCPv6 Guard feature blocks DHCP reply and advertisement messages that originate from unauthorized DHCP servers and relay agents that forward DHCP packets from servers to clients. Client messages or messages sent by relay agents from clients to servers are not blocked.

IPv6 ND Inspection creates a binding table that is based on NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages. The switch then uses this table to check any future NS/NA messages. When the IPv6-LLA combination does not match, it drops the message. This only applies to NS/NA messages, it doesn’t drop any actual data packets that have a spoofed IPv6 or MAC address.

IPv6 Source Guard filters inbound traffic on L2 switch ports that are not in the IPv6 binding table.

The binding table stores the following information:

+ IPv6 address

+ MAC address

+ VLAN

+ Interface ID

Source Guard only looks at information found in the binding table, and it doesn’t fill the binding table.

The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by unauthorized devices.