Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
How to Configure an IPv6 Router Advertisement Guard Policy
Command or Action
Step 2
[no]ipv6 nd raguard policy policy-name
Example:
Switch(config)# ipv6 nd raguard policy
example_policy
Step 3
[no]device-role {host | monitor | router |
switch}
Example:
Switch(config-nd-raguard)# device-role
switch
Step 4
[no]hop-limit {maximum | minimum} value
Example:
Switch(config-nd-raguard)# hop-limit
maximum 33
Step 5
[no]managed-config-flag {off | on}
Example:
Switch(config-nd-raguard)#
managed-config-flag on
Step 6
[no]match {ipv6 access-list list | ra prefix-list
list}
Example:
Switch(config-nd-raguard)# match ipv6
access-list example_list
Step 7
[no]other-config-flag {on | off}
Example:
Switch(config-nd-raguard)#
other-config-flag on
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
696
Purpose
Specifies the RA Guard policy name and enters RA Guard Policy
configuration mode.
Specifies the role of the device attached to the port. The default is
host.
(1–255) Range for Maximum and Minimum Hop Limit values.
Enables filtering of Router Advertisement messages by the Hop Limit
value. A rogue RA message may have a low Hop Limit value
(equivalent to the IPv4 Time to Live) that when accepted by the host,
prevents the host from generating traffic to destinations beyond the
rogue RA message generator. An RA message with an unspecified
Hop Limit value is blocked.
If not configured, this filter is disabled. Configure minimum to block
RA messages with Hop Limit values lower than the value you specify.
Configure maximumto block RA messages with Hop Limit values
greater than the value you specify.
Enables filtering of Router Advertisement messages by the Managed
Address Configuration, or "M" flag field. A rouge RA message with
an M field of 1 can cause a host to use a rogue DHCPv6 server. If not
configured, this filter is disabled.
On—Accepts and forwards RA messages with an M value of 1, blocks
those with 0.
Off—Accepts and forwards RA messages with an M value of 0, blocks
those with 1.
Matches a specified prefix list or access list.
Enables filtering of Router Advertisement messages by the Other
Configuration, or "O" flag field. A rouge RA message with an O field
of 1 can cause a host to use a rogue DHCPv6 server. If not configured,
this filter is disabled.
On—Accepts and forwards RA messages with an O value of 1, blocks
those with 0.
Off—Accepts and forwards RA messages with an O value of 0, blocks
those with 1.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
