Usage Guidelines - Cisco Catalyst 4500 Series Software Configuration Manual

Configuring RA Guard
Current configuration : 53 bytes
!
interface GigabitEthernet1/1
ipv6 nd raguard
end
The following example shows a sample output of the show ipv6 commands:
Switch# show ipv6 snooping counters int gi 2/48
Received messages on gi 2/48 :
Protocol
NDP
DHCPv6
Bridged messages from gi 2/48 :
Protocol
NDP
DHCPv6
Dropped messages on gi 2/48 :
Feature
Snooping
Switch#
Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported and
Note
displayed when you enter a show ipv6 snooping counters interface command. (Previous to this release,
you enter the show ipv6 first-hop counters interface command.)
Note Be aware that only RA (Router Advertisement) and REDIR (Router Redirected packets) counters are
supported in 12.2(54)SG.
Switch# show ipv6 nd raguard policy RA_GUARD
Policy RA_GUARD configuration:
device-role router
Policy RA_GUARD is applied on the following targets:
Target
Gi 1/1
Switch#
Note With Cisco Release IOS XE 3.4.0SG and IOS 15.1(2)SG, the show ipv6 nd raguard policy command
replaces the show ipv6 first-hop policies command.

Usage Guidelines

Observe the following restrictions:
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
62-52
Protocol message
RS[9] RA[131] NS[7] NA[2]
SOL[24] ADV[2] REQ[1] REP[1]
Protocol message
RS[9] NS[7] NA[2]
SOL[24] ADV[1] REQ[1] REP[1]
Protocol Msg [Total dropped]
NDP RA [131]
reason: Packet not authorized on port [131]
NS [2]
reason: Packet accepted but not forwarded [2]
Type Policy
PORT RA_GUARD
Chapter 62 Configuring Network Security with ACLs
Feature Target range
RA guard vlan all