IPv6 source guard does not inspect ND or DHCP packets; rather, it works in conjunction with IPv6 neighbor discovery (ND) inspection or IPv6 address glean, both of which detect existing addresses on the link and store them into the binding table.
Source Guard only looks at information found in the binding table, and it doesn’t fill the binding table. You need another feature like ND inspection or IPv6 snooping to do this.
https://networklessons.com/cisco/ccie-routing-switching-written/ipv6-source-guard
Given answer is correct per cisco book page 931.
IPv6 Source Guard can block it and drop it. For traffic to be from a known
source and allowed, the source must be in the binding table. The source is either learned
using ND inspection or IPv6 address gleaning and therefore relies on IPv6 snooping being
configured first on Layer 2 access or trunk ports and VLANs.
B is correct
IPv6 source guard does not inspect ND or DHCP packets; rather, it works in conjunction with IPv6 neighbor discovery (ND) inspection or IPv6 address glean, both of which detect existing addresses on the link and store them into the binding table.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3s-book/ip6-src-guard.html#:~:text=IPv6%20source%20guard%20does%20not%20inspect%20ND%20or%20DHCP%20packets%3B%20rather%2C%20it%20works%20in%20conjunction%20with%20IPv6%20neighbor%20discovery%20(ND)%20inspection%20or%20IPv6%20address%20glean%2C%20both%20of%20which%20detect%20existing%20addresses%20on%20the%20link%20and%20store%20them%20into%20the%20binding%20table.
IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This
feature enables the device to deny traffic when it is originated from an address that is not stored in the binding
table. IPv6 source guard does not inspect ND or DHCP packets; rather, it works in conjunction with IPv6
neighbor discovery (ND) inspection or IPv6 address glean, both of which detect existing addresses on the
link and store them into the binding table. IPv6 source guard is an interface between the populated binding
table and data traffic filtering, and the binding table must be populated with IPv6 prefixes for IPv6 source
guard to work.
very sorry team, with my question before, the option correct is ""B"", look this info:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.pdf
team is option D:
IPv6 source guard can deny traffic from unknown sources or unallocated addresses, such as traffic from sources not assigned by a DHCP server. When traffic is denied, the IPv6 address glean feature is notified so that it can try to recover the traffic by querying the DHCP server or by using IPv6 ND
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-e/ip6f-15-e-book/ip6f-15-e-book_chapter_0110.pdf
An entry is installed in the binding table when one of the following conditions is satisfied:
• An IPv6 binding is learnt through DHCP.
• An IPv6 address or prefix is learnt through NDP.
• A static binding is configured by the user.
Source
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/IPv6_Security.pdf
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
NoUserName1234
Highly Voted 2Â years, 6Â months agoJKStinn
2Â years, 4Â months agoHermin
2Â years, 1Â month agoBrahim90
Most Recent 2Â months ago[Removed]
9Â months, 1Â week agosteficris89898
1Â year, 1Â month agointeldarvid
1Â year, 9Â months agointeldarvid
1Â year, 9Â months agojarz
2Â years, 6Â months ago