I'm looking for Cisco switches that support IPv6 layer 2 security. The following features are required:
- MLDv2 snooping [RFC4541]
- DHCPv6 snooping [RFC3315]
DHCPv6 messages must be blocked between subscribers and the network so that false DHCPv6 servers cannot distribute addresses. - Router Advertisement (RA) filtering [RFC4862, RFC5006]
RA filtering must be used in the network to block unauthorised RA messages. - Dynamic "IPv6 neighbour solicitation/advertisement" inspection [RFC4862]
There must be an IPv6 neighbour solicitation/advertisement inspection, as in IPv4 "Dynamic ARP Inspection". The table with MAC-address and link-local and other assigned IPv6-addresses must be dynamically created by SLAAC or DHCPv6 messages. - Neighbour Unreachability Detection [NUD, RFC4861] filtering
There must be a NUD filtering function to ensure that false NUD messages cannot be sent. - Duplicate Address Detection [DAD, RFC4429] snooping and filtering
Only authorised addresses may be allowed as source IPv6 addresses in DAD messages from each port.
Source: http://www.ripe.net/ripe/docs/ripe-501
I've looked around in some configuration guides for some Cisco access switches but I can't seem to find any switch supporting these functionalities.