IPv6 Source Guard

ReneMolenaar · August 7, 2018, 10:23am

This topic is to discuss the following lesson:

nicholas.williams2 · June 2, 2019, 3:43am

Not sure if the forum is the spot for this. I am only able to view the “preview version” of the video for this section (1:25 run time). I can view the “full” version of everything else (made sure I was logged in, etc.), so I am thinking maybe the wrong video is up in the “members” version of the page?

lagapidis · June 2, 2019, 2:39pm

Hello Nicholas

Thanks for letting us know. I will let Rene know so he can take a look ASAP and resolve the issue.

Laz

ReneMolenaar · June 3, 2019, 2:17pm

Hello Nicholas,

You are right, I accidentally had the trial video for non-members. Just fixed it, you can see the whole video now. Thanks for letting us know!

Rene

Giovanni · May 30, 2022, 10:07am

Hi

What is the difference between Ipv6 source guard and ipv6 destination guard ?

Thanks

lagapidis · June 2, 2022, 5:30am

Hello Giovanni

IPv6 source guard is a layer 2 snooping feature that blocks any traffic from an unknown source. An unknown source is an IPv6 address that is not already in the binding table or has not previously been learned through ND, as described in the lesson.

IPv6 destination guard will ensure that a device performs address resolution only for those addresses that are known to be active on the link. It uses what is known as address glean functionality. Address gleaning involves snooping Neighbor Discovery Protocol (NDP) and DHCP messages on the link to populate the binding table. When a packet reaches the device and there is not yet an adjacency for the destination or for the next hop, the NDP consults the device binding table to verify that the destination or the next hop has been previously gleaned. If the destination is not found in the binding table, the packet is dropped. Otherwise, neighbor discovery resolution is performed.

I hope this has been helpful!

Laz