Cisco 300 Series Cli Manual page 529

25
529
•
value
minimum
the value argument. Range 1-255.
Default Configuration
No hop-count limit is verified.
Command Mode
Global Configuration mode
User Guidelines
This command enables verification that the advertised Cur Hop Limit value in an
RA message (see RFC4861) is greater than or less than the value set by the value
argument.
Configuring the minimum
from setting a low Cur Hop Limit value on the hosts to block them from generating
traffic to remote destinations; that is, beyond their default router. If the advertised
Cur Hop Limit value is unspecified (which is the same as setting a value of 0), the
packet is dropped.
Configuring the maximum
the advertised Cur Hop Limit value is less than or equal to the value set by the
value argument. If the advertised Cur Hop Limit value is unspecified (which is the
same as setting a value of 0), the packet is dropped.
Use the no ipv6 nd raguard hop-limit maximum command to disable verification of
the maximum boundary of the advertised Cur Hop Limit value in an RA message.
Use the no ipv6 nd raguard hop-limit minimum command to disable verification of
the minimum boundary of the advertised Cur Hop Limit value in an RA message.
Examples
Example 1—The following example defines a minimum Cur Hop Limit value of 3
and a maximum Cur Hop Limit value of 100 using two commands:
switchxxxxxx(config)#
switchxxxxxx(config)#
Example 2—The following example defines a minimum Cur Hop Limit value of 3
and a maximum Cur Hop Limit value of 100 using a single command:
—Verifies that the hop-count limit is greater than or equal to
value
keyword and argument can prevent an attacker
value
keyword and argument enables verification that
ipv6 nd raguard hop-limit minimum 3
ipv6 nd raguard hop-limit maximum 100
OL-32830-01 Command Line Interface Reference Guide
IPv6 First Hop Security